<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>I<span lang=EN-US> am grateful</span> if you could add small note in the Juniper SSG section for small discovery on SSG firewall side. It would be appreciated if you could add small note in the configuration setting about below<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>[Original Issue]<o:p></o:p></p><p class=MsoNormal>There has been issues and reports about 'unable to ping behind the firewall'. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>[Cause]<o:p></o:p></p><p class=MsoNormal>{1} 'source translation' was not ticked in the policy setting in the dialup VPN. (Policy > Advanced)<o:p></o:p></p><p class=MsoNormal>{2} IP pool must be different from the target IP subnet. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If this is not done, user can ping the firewall interface itself, but cannot ping further. (In Juniper Forum, there are similar report unable to ping behind firewall. I will reply to these posts). <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>[Resolution-1]<o:p></o:p></p><p class=MsoNormal>Source Translation must be ticked in the Juniper SSG. (I attached the screenshot to this email.) <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>[Resolution-2]<o:p></o:p></p><p class=MsoNormal>IP Pool must be configured that target IP subnet and IP Pool is different. If we aim for 10.7.4.0/24, we should be using something different IP subnet.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I would appreciate if you could reflect above discovery so that a new user, who attempt configuring ShrewVPN with Juniper SSG, has smooth integration. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>With Best Regard<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Atsushi SAIJO, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>J2EE Enterprise Development<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Open Database Associates bvba<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>