Re: Dial-up VPN to SSG-350 (site to site VPN)
1: Strange that I don;t see any packet for 192.168.99.109 at least I should see the packet getting decrypted on the device. Please set the filters as below: set ff src-ip 172.31.99.63 dst-ip...
View ArticleRe: Route Sync in ISG
Yeah i had seen this link, but the issue is that i have disbaled VSD 0 and now whenver i am giving the firewall switchover i see some impact. Running OSPF as dynamic protocol. Is there any other way...
View ArticleRe: Route Sync in ISG
The RTO sync will not be an option outside of VSD 0. The only other configuration I can think of that might help, is if you change to Active/Active and then you can have active neighbors on both...
View ArticleRe: Dial-up VPN to SSG-350 (site to site VPN)
Hi Vikas, Please refer to the attachment. Many Thanks,Kay
View ArticleRe: Dial-up VPN to SSG-350 (site to site VPN)
I still don't see any packet for the ip 192.168.99.109.It's probably because of the policy. I understand that your are using policy id 19 for this tunnel, right? set policy id 19 from "Untrust" to...
View ArticleRe: Dial-up VPN to SSG-350 (site to site VPN)
Hi Vikas, I have checked the firewall setting. The policy trust address subnet mask is /24 instead of /16.VPN client spilt tunneling is 192.168.0.0/16. Is it because of this setting? Thanks,Kay
View ArticleRe: Dial-up VPN to SSG-350 (site to site VPN)
The policy should have same subnet as in split tunneling. Please configure 192.168.0.0/16 in the policy, not /24. Thanks,Vikas
View ArticleRe: Dial-up VPN to SSG-350 (site to site VPN)
Hi Vikas, I have changed the firewall policy from 192.168.135.0/24 to 192.168.0.0/16.However, i dont' see traffic (to 192.168.99.109) coming from the VPN client. Do I need to add policy in other side...
View ArticleRe: Dial-up VPN to SSG-350 (site to site VPN)
Hello, Both VPN end points should have mirror images of the subnets in the policy. Regards, Rushi
View ArticleMulticast HB exchange
I have a set up in which 2 HP servers are connected to netscreen firewall via an L2 switches. So as per the design, heartbeat probes are to be initiated from the Server1 goes to the layer 2 switch1 and...
View ArticleRe: Multicast HB exchange
The multicast traffic should be able to pass if the servers are in the same vlan. If they are not in the same vlan, then it would have to pass through the firewall. In order to pass this traffic...
View ArticleISG 2000 SFP module
I have an ISG2000 and i need sfp module with part number FG-TRAN-LX and FG-TRAN-SX. my question is that can i temporarily use SRX-SFP-1GE-LX and SRX-SFP-1GE-SX instead until the order is delivered?
View ArticleRe: ISG 2000 SFP module
Hello, I think they should be interusable looking at the specification of each.I have never tried it though. Regards, Rushi
View ArticleRe: ISG 2000 SFP module
I've used 3rd party optics on a lot of Juniper equipment and they generally work just fine as long as you use them in the matching port types. Naturally if there are physical link issues, you won't be...
View ArticleRe: SC-CPA on SSG5 not function
HI STEVE,I buy the equipment on a resale for a year or more, I got in touch with a local partner and tell me that the equipment is EoL and that you cannot add a contract. If this is true favor I...
View ArticleHow to enable Skype services to go through SSG Juniper
Hi everyone,I have some machines in my LAN and I need to enable Skype (application) for those.I made the following policy:Source: 192.168.0.25 Destination: www.skype.comService:...
View ArticleRe: How to enable Skype services to go through SSG Juniper
Hi, Only allowing www.skype.com shoudln't work. I tried in computer I see many other DNS query for the skype, please see attached snapshot. Thanks,Vikas
View ArticleRe: SC-CPA on SSG5 not function
Yes, the SSG5 hardware is end of sale but end of support is not until 2020. My understanding is you can still purchase the add on licensing until end of support. Here are the two options from CDW. Web...
View ArticleRe: How to enable Skype services to go through SSG Juniper
Hi, Thanks for your answer. I included the pages mentioned, however, doesn´t work. About the policy, Skype only works when the destination is any. Any idea? Regards.
View ArticleRe: How to enable Skype services to go through SSG Juniper
Turn the destination back to anyEnable logging for the policyCreate a number of successful skpe callsGo to the policy > log pageDownload the logs and analyze the destination addresses needed for the...
View Article