Limit number of client vpn connection in policy base vpn?
I am using two Juniper FW model using SSG 140 and SSG5 set up as a site to site firewall connection. The VPN connection is a policy base. I want to limit the client connection to 1 client only to use...
Re: Limit number of client vpn connection in policy base vpn?
Hello, With current setup, the best option is to change the policy settings. There is no option like VPN filter present on other vendor boxes. Alternatively you can configure a route based VPN instead...
Re: SSG140 cross-subnet problems
Hello, Enable the 'flow debugs' as below:
set ff src-ip 192.168.42.x dst-ip 172.20.0.y (or any test PC IPs)
set ff src-ip 172.20.0.y dst-ip 192.168.42.x
set db size 4096
debug flow basic
Now initiate...
Site to Site Policy Base VPN Tunnel limit to one tunnel session
A setup of both SSG140 (FW A) and SSG 5 (FW B) policy base VPN tunnel. Only one tunnel connection is allowed between FW A and FW B. By introducing another tunnel FW C which has the same configuration...
Re: SSG140 cross-subnet problems
I'm not totally sure what all of this means since I've never had to run a debug before, but it looks as though it stops processing packets properly around line 100698: **** pak processing end. packet...
Re: SSG140 cross-subnet problems
I added a trust->trust policy just out of curiosity and it shows "age out" at about 20 seconds.
Unable to reach to remote MPLS site via VPN
Hi, Basically I have a main site with a Juniper SSG20 (on v6.2). This has a client IPSec VPN and also has a connection to another site via an MPLS connection (the main WAN is on eth0/0 and the MPLS is...
Re: SSG140 cross-subnet problems
Looks like the return traffic is not passing through the firewall. Run a traceroute from the 172 device and see if it passes through the firewall.
Re: Unable to reach to remote MPLS site via VPN
You would need to set this up as a route based VPN.
Re: SSG140 cross-subnet problems
Oh. I know what's happening now. The initial problem I had yesterday was a result of the two machines being on different subnets and ALSO utilizing different routers for their primary gateways. We...
Re: SSG140 cross-subnet problems
All devices will do that. When it sends the reply, it has to generate a new packet and will do a route lookup. Connected routes are always preferred over other routes.
Re: Unable to reach to remote MPLS site via VPN
Sorry just to clarify, can a route based VPN still be a client VPN, or would it need to be a site to site VPN?
Re: Unable to reach to remote MPLS site via VPN
Hello, Yes. Route based VPN can be client VPN. Here is one such example. https://kb.juniper.net/InfoCenter/index?page=content&id=KB15272&actp=METADATA Regards, Rushi
Re: Site to Site Policy Base VPN Tunnel limit to one tunnel session
Hello, There is a good chance that SSG5 will detect the intrusion even with license limit and toggle between SSG140 and duplicate device. I would like to know purpose of introducing FW C with identical...
Re: Site to Site Policy Base VPN Tunnel limit to one tunnel session
Hi, I want to limit the connection to the site to site tunnel to only 1 connection between FW A and FW B. The introduction of FW C is to simulate a scenario whereby somebody tries to breach our tunnel....
Re: Unable to reach to remote MPLS site via VPN
Hi Folks, Please find some documentation,...
Re: Site to Site Policy Base VPN Tunnel limit to one tunnel session
Hello, There are some points to consider here :- 1. Just by having another device with same config, you cannot cause intrusion. In-between routers will play a major part on how they are routing the...
Re: Unable to reach to remote MPLS site via VPN
Python, Your two configuration links are the Junos SRX versions. Rushi has the correct screenOS dynamic route based VPN linked above for this application.
Re: Unable to reach to remote MPLS site via VPN
Thanks everyone. I will go through the guide and setup a route based client VPN and see if this works.
Re: Unable to reach to remote MPLS site via VPN
Quick question - can I still keep the existing VPN on the router and add this new route based VPN? It doesn't seem like it, but just wanted to check. thanks.