<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Let me rephrase, each VPN client will be in its own /32 subnet, i.e.
one IP, but several clients/IP's can belong to an IKE. The SSG VPN
server will take care of the routing for you. But you have to assign
policies to each IKE to be able to communicate with the remote
subnet/zones, be it ping or "Any" access. Hope it makes sense.<br>
<br>
<div class="moz-cite-prefix">On 02.03.2013 21:15, Lars Vik wrote:<br>
</div>
<blockquote cite="mid:51325DE6.4060206@3056.net" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
OK, I am just trying to understand what you are trying to
accomplish. It is from the VPN client you want to ping/access the
devices on the subnet from, right? Usually, well at least on SSG,
you have security zones, trust, dmz, untrust, etc. The VPN clients
will come from the untrust zone. You will need to use a different
subnet for the VPN clients, and add policies to allow traffic from
untrust (VPN-dialup) to (and from) the different zones and
subnets. You can set granular access on tunnels/IKE level.<br>
<br>
<div class="moz-cite-prefix">On 02.03.2013 20:17, info wrote:<br>
</div>
<blockquote cite="mid:51325057.90004@customautomation.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<font face="Helvetica, Arial, sans-serif">For tech support
purposes I need to "see" or be able to ping all devices on the
subnet. They typically have web browser interfaces, and
plugging in 10.1.X.YY for example, will take me right there
for me to access.<br>
<br>
-Dennis</font><br>
<div class="moz-cite-prefix"><br>
<br>
-------- Original Message --------<br>
</div>
<blockquote
cite="mid:95F40A4E-0F48-4444-B214-F3196F3CEEDD@3056.net"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<div><span style="-webkit-tap-highlight-color: rgba(26, 26,
26, 0.296875); -webkit-composition-fill-color: rgba(175,
192, 227, 0.230469); -webkit-composition-frame-color:
rgba(77, 128, 180, 0.230469); ">Why would you want
anything but a /32 to a VPN client IP?</span><br
style="-webkit-tap-highlight-color: rgba(26, 26, 26,
0.296875); -webkit-composition-fill-color: rgba(175, 192,
227, 0.230469); -webkit-composition-frame-color: rgba(77,
128, 180, 0.230469); ">
<br>
Sent from my iPhone</div>
<div><br>
On 2. mars 2013, at 17:44, info <<a
moz-do-not-send="true"
href="mailto:info@customautomation.com">info@customautomation.com</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<font face="Calibri">Hello All,<br>
<br>
I just implemented the SSG HowTo, using a Juniper SSG5
and Shrew VPN Client 2.1.7, and it works as advertised
thank you. The rub is that the assigned IP address
coming from the SSG IP Pool to my PC has a subnet mask
of 255.255.255.255. I'd like it to be 255.255.0.0. I
assume this is controlled by the SSG, but don't see an
obvious setting for it. Anybody have suggestions?<br>
<br>
Thanks,<br>
-Dennis<br>
</font> </div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>vpn-help mailing list</span><br>
<span><a moz-do-not-send="true"
href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a></span><br>
<span><a moz-do-not-send="true"
href="https://lists.shrew.net/mailman/listinfo/vpn-help">https://lists.shrew.net/mailman/listinfo/vpn-help</a></span><br>
</div>
</blockquote>
</blockquote>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
vpn-help mailing list
<a class="moz-txt-link-abbreviated" href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a>
<a class="moz-txt-link-freetext" href="https://lists.shrew.net/mailman/listinfo/vpn-help">https://lists.shrew.net/mailman/listinfo/vpn-help</a>
</pre>
</blockquote>
<br>
</body>
</html>