Re: How to enable Skype services to go through SSG Juniper
Hi Mr.Puluka, I did do it, but I have so many IP's that I'm not sure which one I trust. Should I add Ip by IP in the destination? I mean, I try to write a policy to keep minimum access to Internet for...
View ArticleRe: How to enable Skype services to go through SSG Juniper
I've been looking around at Skype support and forums and it appears there is no listing at all to restrict Skype acces by ip address destination. They don't even try to provide network ranges. A few...
View ArticleRe: mutiple untrust adsl , from trust to untrust only Translated Source...
Thanks all. Finally, I use PBR to achive this function.
View ArticleRe: How to enable Skype services to go through SSG Juniper
Hi, I added those IP's (indicated in your link) as destination in the policy, but does not work yet. Even, I added the networks indicated in the following article, without result:...
View ArticleSSG140 Site to Site VPN with ASA Multiple Subnets
Hi; Here is my cases.Site A : SSG 140 firmware 6.2 (subnet: 192.168.70.x)Site B : ASA (subnet 192.168.50.x)Site C: HQ (subnet 10.10.x.x) Site A <--- site to site VPN --> Site B (SSG140 and...
View ArticleRe: ssg14- Report - Interface Bandwidth
Hello Inderjit,Ideally this behaviour is expected to be seen on all devices when there is a configuration done.What are the OS versions of the devices where youdo not se this issue ?RegardsVatsa
View ArticleSSG act as L2TP / PPTP Client
Hi everyone, I was wondering if with the latest releases it was now possible to have an SSG20 act as a PPTP/L2TP client.. dialing out to a vpn provider, and then able to reroute certain subnets over...
View ArticleRe: SSG140 Site to Site VPN with ASA Multiple Subnets
Hi, If you have a route based VPN between A & B then you need to do the below steps: 1: Please check the proxy ID's on both the sides, whether it's none or 0.0.0.0/0 or any , shouldn't be any...
View ArticleRe: SSG140 Site to Site VPN with ASA Multiple Subnets
ALso, modify the security policies accordingly to allow the traffic between all the subnets. Thanks,Vikas
View ArticleRe: SSG140 Site to Site VPN with ASA Multiple Subnets
thanks for your response. In order to have site to site vpn for Site A and Site B, I have the following configuration. Because I am not familiar with Juniper, to have it extend to Site C. How can I...
View ArticleRe: SSG140 Site to Site VPN with ASA Multiple Subnets
How can I identify, if the route base VPN or policy base VPN is in use? I can see the security policy to control the "permit" and "deny" of traffic coming in and out for subnet.
View ArticleRe: How to enable Skype services to go through SSG Juniper
From what I'm seeing on the MS and Skype support sites, I don't think you are going to be able to restrict standard Skype at all with firewall rules. They basically reserve the right to go to any ip...
View ArticleRe: SSG act as L2TP / PPTP Client
No, ScreenOS does not support the firewall as a client for these services.
View ArticleRe: SSG140 Site to Site VPN with ASA Multiple Subnets
With a policy VPN you create the policy and choose an Action of "tunnel" instead of permit. You can only permit then, you cannot create deny policies. With the route based vpn you will find a binding...
View ArticleRe: SSG140 Site to Site VPN with ASA Multiple Subnets
thanks! I also talked to the Cisco technician, she point out that the traffice from Site A to Site C is dropped by ASA firewall at Site B because the VPN phase 2 ESP value issue. And she asked me to...
View ArticleRe: SSG140 Site to Site VPN with ASA Multiple Subnets
Can I have two command like this on the same vpn tunnel? One for site B, and one for Site C. set vpn "Site_B" gateway "Site-b-gateway" replay tunnel idletime 0 proposal "nopfs-esp-des-sha" set vpn...
View ArticleUpgrade from 6.2 to 6.3 latest firmware
Hi; I am planning to upgrade my firmware from 6.2 to 6.3 (the latest version), do I need any intermediate upgrade first? Or, I can upgrade to 6.3 release 22 directly? How can I find do I need upgrade...
View ArticleRe: SSG140 Site to Site VPN with ASA Multiple Subnets
Yes, for your setup you will need to have two proxy-id pairs setup to send the required traffic. But the subnet mask on the 192.168.70 and 50 should be 24 so they don't overlapset vpn "Site_B"...
View ArticleRe: Upgrade from 6.2 to 6.3 latest firmware
You can upgrade, bootlpader upgrade is recomended but not mandatory. Please check chapter 2 page 8 of below link for more...
View ArticleRe: Upgrade from 6.2 to 6.3 latest firmware
Also refer kb https://kb.juniper.net/InfoCenter/index?page=content&id=TSB16495&smlogin=true&actp=search before upgrading to the latest.Thanks,Vikas
View Article