Split Tunneling for Remote Client VPN on SSG 140
Hi everyone; I have created a remote access VPN (Dialup VPN) for remote client who will use ShrewSoft VPN client. I would like to disable the split tunneling while it is connected, I do not want the...
View ArticleRe: IPSec VPN between SSG 140 and WatchGuard M300
All those options are also supported on the SSG so there should be no difficulty setting up a matching set of proposals for both phase 1 and phase 2 between the platforms.
View ArticleRe: After upgrading ScreenOS, have a problem.
When in this mode the kb article referenced above is pretty much the only option. https://kb.juniper.net/InfoCenter/index?page=content&id=KB5519 you hit the enter key during this promptHit any key...
View ArticleRe: Split Tunneling for Remote Client VPN on SSG 140
I don't have access to systems to verify anymore so this is from memory. In Shrew soft client you need to select the "tunnel all" option to turn off split tunneling. This will generate an automatic...
View ArticleRe: Split Tunneling for Remote Client VPN on SSG 140
thanks! I will try "tunnel all" option on Shrew Soft client to see how it works.
View ArticleHow to restrict access to one server only after Dialup VPN connected?
How can I restrict my remote user to access a server only in SSG 140 who is using Dialup VPN. In my Shrew Soft client, I can use "Include", "Exclude" in Policy tab to control but I do think this is...
View ArticleProblem with Dial-up VPN to SSG5
Hi, I am getting rejected IKE package error when I tried to dial-up VPN from Windows.Error message:Rejected an IKE packet on ethernet0/0 from x.x.x.x:x to x.x.x.x:x with cookies 31c4831da574c0d3 and...
View ArticleRe: Problem with Dial-up VPN to SSG5
https://kb.juniper.net/InfoCenter/index?page=content&id=KB6235&actp=METADATA thanks,Vikas
View ArticleRe: Problem with Dial-up VPN to SSG5
Hi Vikas,Thanks very much for your reply.The problem is, some of the computers can connect with the VPN dial-up and some not.I want to if there is anything blocked by Windows Firewall causing the...
View ArticleRe: Problem with Dial-up VPN to SSG5
Hi, 1 :In the firewall logs I see one side cookies is zero so I think first Ike itself is getting dropped.2: What client are you using on the computer to initiate IPSec tunnel? Is there any difference...
View ArticleRe: Problem with Dial-up VPN to SSG5
Hi Vikas, I have tried to disable firewall and still could not connect to the SSG5 in the office.I am just using the dial-up VPN built-in within Windows 10. Choose L2TP/IPsec with cert and input...
View ArticleRe: Problem with Dial-up VPN to SSG5
Hi Henry, You can try using VPN client shrewsoft, it's easy and widely deployed. Or please take a simultaneous capture on the machine, debugs on the firewall and see if the it's correct parameters or...
View ArticleRe: netscreen 5gt factory reset
If nothing happens when you reply with "Y", then check your terminal application. I use Putty with the default settings and was able to successfully clear three units using the serial number as login...
View ArticleHow to configure vlan to have different ext IP?
I have never used Juniper but got one to play with and need some help. I am testing something and using a SSG5 with 6.3r8 FW and have a /29 from ISP.I have configured ethernet0/6 with 10.30.3.1/24 and...
View ArticleRe: How to configure vlan to have different ext IP?
Hello, You are usingthe default Trust to Untrust NAT on the device. This is usually achieved by having the interface in a NAT mode. in your cpnfiguration, you have as follows :- set interface...
View ArticleRe: How to restrict access to one server only after Dialup VPN connected?
Hello, The policy you configure for the Dial UP VPN will also act as a proxy ID. You can use these settings to control the access via the Dial UP VPN. This can be done if the Dial UP VPN is a policy...
View ArticleRe: How to configure vlan to have different ext IP?
something still not corredct. I made the change and still cant ping from 10.11.7.250 to 8.8.8.8 Date/Time Source Address/Port Destination Address/Port Translated Source Address/Port...
View ArticleRe: How to configure vlan to have different ext IP?
Hello,The traffic log here clearly shows that the traffic is going out and the session is timing out after 1 minute as there is no reply received. This is seen in the close reason as "Close - Age Out...
View ArticleZero-Hit Count Policy
Hi, I have one client who asked me to optimize his SSG550M configuration and one part of this requirement is to delete all policies of Zero hit Count. To enable countering on policies has limitation of...
View Article