Re: VPN Client Tunnel all traffic option does not work
Try using the built in address dial up as the source in the internet access trust to untrust policy with nat. Also try changing the order of the policies on the list in the trust to untrust policy list
Re: VPN Client Tunnel all traffic option does not work
If I use the "Dial up vpn" address in the source entry (I guess that is what you mean), I get a message "Dialup-VPN must use IPSEC or L2TP in policy". I have the policy on top.
Re: SSG5 keeps dropping connection to Shaw modem
Shaw's modem is in bridged mode. I inherited this network so not sure if all the settings are correct but it was working and then just stopped out of the blue. Shaw ISP had been going around and...
Re: SSG5 keeps dropping connection to Shaw modem
We service providers like to eliminate firewalls when testing that is why the laptop connection test failing was particularly bad for Shaw. So they keep modifying that test to get one to work and wash...
IPsec VPN not passing traffic
Hi, We have two networks that we need to connect with a VPN connection. The remote network is in AWS with the IP range 10.0.0.0/16 and our local network has the IP range 192.168.53.0/24. AWS kindly...
Re: IPsec VPN not passing traffic
Hi, Is AWS pushing a route for 10.0.x.x network to you via BGP? Can you share the output of 'get route' from the SSG? You may also want to advertise the 192.168.1.x network to AWS for return traffic...
Re: IPsec VPN not passing traffic
Hi Gokul, Thanks for the reply. Yes as far as I understand it AWS should be pushing 0.0.0.0/0 through the VPN. We have enabled route propagation for the two route tables that go with our VPC. Just in...
Re: IPsec VPN not passing traffic
hi christopher, can you please post the ike errors from your ssg? if this is an ike gateway timeout then clearly it's a routing issue. based on my experience with SRX vpn towards Azure, the...
Re: IPsec VPN not passing traffic
Hi dwayne, It doesn't seem to be an ike gateway timeout. When looking at the event log, I can't see any issues with it. The event log can be seen below. 2019-05-04 08:36:18 system info 00542 BGP peer...
Re: IKE V2 NOTIFY_MSG_NAT_DETECTION_DESTINATION_IP
Did anyone get this working? I am trying to set up Azure Route VPN with SSG5 (with 6.1 software however - I realise that only 6.2 is verified with Azure) set sa-filter <Azure VPN IP> debug ike...
Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi All, I'm looking for some help and guidance regarding an issue with Route based IPSEC VPN Config between SSG-550M and Cisco ASA. From the get sa output, it's A/D, however traffic is passing through...
Re: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi, If your query is about A/D then please check below from KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6134&actp=METADATA A/D: VPN tunnel is Active, but the link (detected...
Re: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi Vikas, Thanks for your reply. I had allowed the ping inbound before vpn config. And I was able to ping the remote end GW IP as well. Yes, the remote end device is not Netscreen/Juniper, it's Cisco...
Re: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi Ishaik, You should be able to use DH group under below stanza and call this proposal in your VPN config. >set ike p2-proposal test ? ah AH protocol esp ESP protocol group1 DH Group 1 group14 DH...
Re: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi Vikas, Thanks for your reply again. I will disable the VPN monitor as the other end is able to see Phase 2 Up and able to ping in both directions end-to-end. The remote end is Cisco FWSM and they...
Re: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hello Ishaik, About PFS - please check Vikas's post again. PFS is not a checkbox in ScreenOS. It is a part of your proposal set. In your screenshot, I see both proposals use Group-2, which means PFS is...
Re: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi Gokul, Thanks for the clarification. I've checked the drop down and found there are few with "nopfs." Since I'm already using G2 in the proposal, which means PFS is included/enabled. Regarding the...
Re: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi Ishaik, AFAIK, there is no 'no proxy-id' - definitely not on the Cisco boxes. If they had configured an accept-all proxy-id, then your VPN would have come up with 0.0.0.0/0 as proxy ID. If you want...
Access VPN from eth0/0 Untrust
Hi, I'm relatively new to Juniper devices and need a bit of support configuring a routing policy. Our SSG-5 is acting as a VPN-Endpoint and in the past we connected devices to bgroup-0 in order to...
Re: Access VPN from eth0/0 Untrust
Hello Christopher, I understand that your Router will be forwarding requests for subnet 10.30.XXX.XXX to your SSG5 eth0/0 IP 192.168.53.200. This traffic then needs to be directed over the tunnel. Is...