SSG140 v6.3.0r14.0 packet drop due to application error
Dear gurus, I got a problem here: ## 2017-04-07 07:56:16 : ***** SCTP_INIT_ACK *****## 2017-04-07 07:56:16 : existing assoc for INIT_ACK## 2017-04-07 07:56:16 : Different tag Init-Ack!## 2017-04-07...
View ArticleRe: Site to Site VPN Nat Source Traffic
I was forced to revert my changes as users were unable to get to the original subnet that was in the tunnel, but I managed to get a copy of the settings first. Essentially i need users behind the...
View ArticleSSG5 BGP AS-Path Prepend per Neighbor via Route Map not working
I have a SSG5 with BGP running to two different routers (one is primary the other is meant to be secondary/backup.) I need to be able to pre-pend all the routes advertised out the secondary BGP...
View ArticleRe: SSG140 v6.3.0r14.0 packet drop due to application error
Can you confirm in the debug flow that this is the correct policy that the packet is hitting? It may be hitting an early policy in your list. Your other alternative is to turn off the ALG for SCTP if...
View ArticleRe: SSG5 BGP AS-Path Prepend per Neighbor via Route Map not working
You will want to create peer groups. Create two peer groups and setup the neighbors in different groups. This will allow you to apply different route maps to each group.
View ArticleRe: SSG5 BGP AS-Path Prepend per Neighbor via Route Map not working
I set up peer groups and applied the route-map to the peer group that I need the prepends, but alas it still does not work. But if I apply the same route-map to the Redistribution of static it applies...
View ArticleRe: SSG5 BGP AS-Path Prepend per Neighbor via Route Map not working
What is odd is that I know the match properties work in the route-map as I am using that to not allow advertisement of certain subnets. But none of the Set Properties in the route-map seem to do...
View ArticleRe: Site to Site VPN Nat Source Traffic
1: if device doesn't support multiple proxy IDs then use 0.0.0.0/0 from both side and control the VPN traffic using the routes pointing to the tunnel interfaces.2: 10.x.x.x side you need to use MIP as...
View ArticleRe: SSG140 v6.3.0r14.0 packet drop due to application error
Check if sctp tag is changing in the sctp traffic. Thanks,Vikas
View ArticleRe: SSG140 v6.3.0r14.0 packet drop due to application error
Thank you all for reply. According to manual "When you disable an ALG, all packets using that protocol are dropped." I will not want to do that because we have many SIGTRAN links in production! By the...
View ArticleRe: Apple iPhone/iPad VPN to ScreenOS - now possible!
Hi Milan, finally it works. Now i`m trying to fix my hopefully last problem. when i`m connected via VPN and activate one of two policys i have different problems: if i use policy 1: "dial vpn"...
View ArticleProblem of VPN client to site on SSG 5
Hello all,I have configured VPN client to site on SSG5 recently. also, I configured profile on client as well,the client use NCP Secure Entry Client as VPN client software to connect remotely, the...
View ArticleVPN client to side on SSG5.
I am trying to config Juniper SSG5 as VPN client to side only.Anyone give me some documentation for this.if the client use Cisco VPN client to connect VPN. is it succes ?please suggest.
View ArticleRe: Problem of VPN client to site on SSG 5
Hello, Please check if the client has a routing instance that always points to the internet provided by the SIM. Also verify that you are able to ping the public IP address that the VPN is terminated...
View ArticleRe: VPN client to side on SSG5.
Hello Please check our ScreenOS VPN resolution guide for documentation for client to site VPNs. https://kb.juniper.net/KB22091 has a section for Client-to-LAN VPN Resolution Guides . Some of the KBs...
View ArticleRe: Site to Site VPN Nat Source Traffic
I just cleared everything out and tried this: set zone name "vpn" vrouter "trust-vr"set interface tunnel.5 zone "vpn"set interface tunnel.5 ip 172.21.1.1/24set interface tunnel.5 mip 172.21.1.1 host...
View ArticleRe: VPN client to side on SSG5.
Cisco VPN client does not work with ScreenOS firewalls, as the client is missing a number of configuration options that are required.
View ArticleRe: Site to Site VPN Nat Source Traffic
Everything is fine here except 2 things: 1: As I mentioned earlier both side should have proxy id 0.0.0.0/0 configured, not only one side. Please check other side proxy id.2: You policy ordering and...
View ArticleRe: Problem of VPN client to site on SSG 5
Thank for reply. I can ping to the public IP address that the VPN is terminated,But on the sample internet line if I replace by another router modem then VPN connection successfully.I also consider...
View ArticleRe: VPN client to side on SSG5.
which Juniper firewall is supportes by cisco VPN client.please tell me.
View Article