Re: how to filter debug ike all
Hello,I tried in lab for few devices and I am not able to see such a behaviour. What OS version are you using ? RegardsVatsa
View ArticleRe: DHCP not passing IPs
Can you confirm the Pulse Secure DHCP forwarding profile: Resource profiles > VPN tunneling > Connection profiles And confirm that this is assigned to the appropriate roles. And that the role is...
View ArticleDual Internet links Failover and load balancing on SSG-140
I required help configuring of dual Internet links with Failover and load balancing on SSG-140.Right now we have a single ISP link on firewall for all inbound traffic of Emails and outbound traffic of...
View ArticleRe: Dual Internet links Failover and load balancing on SSG-140
Hi, I understand that you can configure from 1-4 and your ISPs can do the MIP/VIP failover because firewall can't control the route for the incoming traffic on the upstream devices(ISPs). 1: for MIP...
View ArticleRe: Android VPN to Juniper SSG
HI, I don't see any document for the Android based VPN clinet howevever we can try to help you establish this VPN. 1: Do you already have dialup VPNs working using shrewsoft? IKE V1 or IKE V2 ?2: This...
View ArticleRe: Android VPN to Juniper SSG
YOu can also try test 3 along with strongswan VPN client if you want to use IKEv2 . Thanks,Vikas
View ArticleNetScreen 50, transparent mode, tagged vlans and webui?
Hello there!I actually have a network composed of a Cisco 2800 router, attached to a switch.They communicate through three 802.1q tagged VLANs (workstations, production, management).I would like to put...
View ArticleRe: NetScreen 50, transparent mode, tagged vlans and webui?
Hi, Do you have manage access and appropriate routes on the vlan interface, Example : https://kb.juniper.net/InfoCenter/index?page=content&id=KB5532&actp=METADATA Thanks,Vikas
View ArticleRe: Android VPN to Juniper SSG
Hi Vikas, Many thanks for reply.Yes, I have working DialUP VPN using shrew and it is IKEv1. This is what I see in logs during failed connection attempt: 2017-04-27T11:27:27.978319+02:00 firewall:...
View ArticleRe: Android VPN to Juniper SSG
Hi Vikas, I tried StrongSwan but it also doesn't work: 2017-04-27T12:15:14.265221+02:00 firewall firewall: NetScreen device_id=firewall [Root]system-information-00536: Rejected an IKE packet on...
View ArticleRe: NetScreen 50, transparent mode, tagged vlans and webui?
Hi Vikas, thanks for your answer! I'll check the routes this afternoon, but I can access the WebUI when the trust interface is on an untagged port on the switch, but while doing this I can't reach the...
View ArticleRe: Android VPN to Juniper SSG
Hi, It seems to be local id issue. Can you please check below settings if it works: 1: in you Android client, can you try configuring IPSec identifier same as the ikeID user in the netscreen. 2: OR...
View ArticleRe: NetScreen 50, transparent mode, tagged vlans and webui?
Hi, I understand that vlan1 is not working with tagged traffic and working when it's untagged. Can you please try making vlan1 trunk port: set int vlan1 vlan trunk Or if you could configure new vlan...
View ArticleRe: Dual Internet links Failover and load balancing on SSG-140
Hi,Thanks for Reply. You are right that we can not control our inbound traffic. But we can define MIp/VIp on both ISPs achive the inbound traffic load blacing /failover through DNS round robin....
View ArticleRe: Dual Internet links Failover and load balancing on SSG-140
Hi, If you have DNS mapping for the MIP/VIP ips and their A records can be updated dynamical then I don't see any issue. Only you need to consider if there is any asymmetric routing, e,g, traffic cames...
View ArticleRe: Dual Internet links Failover and load balancing on SSG-140
Hi,Thanks for Reply. your point related asymmetric routing is valid.i want that traffic coming from ISP-1 should go back through same ISP-1. i will use unset flow reverse-route clear-text to avoid...
View ArticleRe: Dual Internet links Failover and load balancing on SSG-140
I meant, I understand that your MIP/VIP IPs are bound with DNS names and in case of any link down etc if this binding is updated automatically and traffic will shift from one public IP to another, or...
View ArticleVPN users in another security zone
Hi , All VPN users by default are in trust security zone on SSG140.Is it possible to put them in separate security zone to restrict their access to Trust zone hosts?
View ArticleRe: Android VPN to Juniper SSG
Hi Vikas, I have checked the settings you have asked me to: > 1: in you Android client, can you try configuring IPSec identifier same as the ikeID user in the netscreen. Yes, I did that. Without...
View Article