Re: Having a problem SSG5 with polycom HDX6000
Hi spuluka, Actually, I can call to multiple remote sites but there only one remote site had troubleThe that remote site connect VPN site to side to home office.at the multiple remote sites that I can...
View ArticleRe: Having a problem SSG5 with polycom HDX6000
Hi, 1: Your site doesn't use any VPN to connect to the central site or to any branch site, right?2: All other sites use VPNs to connects to the Central site, including he site which is not...
View ArticleRe: Having a problem SSG5 with polycom HDX6000
Thanks for confirming that the call method from all the remote sites is the same and over the internet. This tends to verify that we should think the configuration issue will be on the remote site...
View ArticleClik here to view.
MIP to private address problem on SSG5
Hi all,I am having a problem about connection from private IP address to internet with SSG5.My configuration on SSG5 is that I have a private IP address (10.192.10.100) in trust zone. Then I set one...
View ArticleRe: Having a problem SSG5 with polycom HDX6000
Thank for your advice. I have created a testing to call unsuccesfull site.at the unsuccesfull site I have adviced to connect VC directly IP public not bypass firewall.the testing is successfull. so it...
View ArticleRe: MIP to private address problem on SSG5
Hi, I understand that 10.192.10.100 is unable to connect to the Internet. The same PC connects fine if it uses any different private IP. we will need some information to figure this out: 1: The working...
View ArticleRe: MIP to private address problem on SSG5
Hi Vikas, I have checked the Policy for this MIP again.It is a bit abnormal from trust to untrust. due to the policy with source from 10.192.0.0/16 t0 ANY.when I disable it. It is fine connection...
View ArticleRe: MIP to private address problem on SSG5
Hi, Mainly, the policy should avoid any NAT overlap and should be specific to the traffic's source/destination/service. Also, the first matching rule is invoked first. THanks,Vikas
View ArticleClik here to view.
SSG 5 - get VIP to look for route in Untrust-vr
Hi I am having a problem to get VIP to work. I have a DMZ zone in Untrust-vr.I want to be able to configure a VIP on Untrust and send the traffic to the DMZ zone. I can't get it to work. It just keeps...
View ArticleRe: SSG 5 - get VIP to look for route in Untrust-vr
The firewall will do a route lookup in the VR that the ingress interface is in. In this case, it would be the VR that the Untrust zone is in, which by default is the trust-vr. You have a few options....
View ArticleRe: SSG 5 - get VIP to look for route in Untrust-vr
Hi Thansk for you reply! That's the thig that I thought was so weird, the Untrust zone is in Untrust-vr. I have changed the default config.It is still looking for the route in Trust-vr. "get config | i...
View ArticleRe: SSG 5 - get VIP to look for route in Untrust-vr
Can you provide the output of a debug flow basic?
View ArticleRe: SSG 5 - get VIP to look for route in Untrust-vr
Hi Here below is the debug flow basic. I have also attached a little more detailed config experpt.1.1.1.2 external ip2.2.2.2 SSG firewall ****** 472511.0: <Untrust/ethernet0/0> packet received...
View ArticleRe: SSG 5 - get VIP to look for route in Untrust-vr
Ah. This looks like it is not caused by a routing issue. Do you have a policy from untrust to dmz that references the VIP? [ Dest] 95.route 1.1.1.2->2.2.2.1, to ethernet0/0 self check, not for us...
View ArticleRe: SSG 5 - get VIP to look for route in Untrust-vr
Hi I do have a policy, I have been logging it all since the befining, noting has been caught in it.The route 95 is the route back out to the net again where the packet came from.2.2.2.1 is the SSG...
View ArticleRe: SSG 5 - get VIP to look for route in Untrust-vr
I was checking the config (ttachmnet), I see the below: set vrouter "untrust-vr"set sibr-routing enableset route 10.238.135.224/28 interface tunnel.2set route 10.238.135.224/28 interface null metric 10...
View Articlenat incoming source with MIP (ScreenOS)
Our network 192.168.10.0/24 (netA). Partner network 192.168.1.0/24 (attach topology). 192.168.10.10 (serverA) is our server. We have some partners have same remote LAN: 192.168.1.0/24 (netB). Iam...
View ArticleRe: nat incoming source with MIP (ScreenOS)
http://www.juniper.net/documentation/software/screenos/screenos6.3.0/630_ce_VPN.pdf page number 147 Thanks,Vikas
View ArticleRe: nat incoming source with MIP (ScreenOS)
Dear vikassingh,I have read the solution with you mention, But I try to DIP in our site not in the partner site.Thanks.
View ArticleRe: SSG 5 - get VIP to look for route in Untrust-vr
Hi Vikas Thanks for your reply. That is correct, I have a tunnel between the DMZ zones of my two ssg5's.The host is on the other side of the tunnel. I can ping bothways through the tunnel. the result...
View Article