<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#1F497D" bgcolor="#FFFFFF">
    <font face="Calibri">Thanks for your insight.<br>
      -Dennis<br>
    </font>
    <div class="moz-cite-prefix"><br>
      <br>
      -------- Original Message --------<br>
    </div>
    <blockquote cite="mid:513261E9.2030002@3056.net" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      Let me rephrase, each VPN client will be in its own /32 subnet,
      i.e. one IP, but several clients/IP's can belong to an IKE. The
      SSG VPN server will take care of the routing for you. But you have
      to assign policies to each IKE to be able to communicate with the
      remote subnet/zones, be it ping or "Any" access. Hope it makes
      sense.<br>
      <br>
      <div class="moz-cite-prefix">On 02.03.2013 21:15, Lars Vik wrote:<br>
      </div>
      <blockquote cite="mid:51325DE6.4060206@3056.net" type="cite">
        <meta content="text/html; charset=ISO-8859-1"
          http-equiv="Content-Type">
        OK, I am just trying to understand what you are trying to
        accomplish. It is from the VPN client you want to ping/access
        the devices on the subnet from, right? Usually, well at least on
        SSG, you have security zones, trust, dmz, untrust, etc. The VPN
        clients will come from the untrust zone. You will need to use a
        different subnet for the VPN clients, and add policies to allow
        traffic from untrust (VPN-dialup) to (and from) the different
        zones and subnets. You can set granular access on tunnels/IKE
        level.<br>
        <br>
        <div class="moz-cite-prefix">On 02.03.2013 20:17, info wrote:<br>
        </div>
        <blockquote cite="mid:51325057.90004@customautomation.com"
          type="cite">
          <meta content="text/html; charset=ISO-8859-1"
            http-equiv="Content-Type">
          <font face="Helvetica, Arial, sans-serif">For tech support
            purposes I need to "see" or be able to ping all devices on
            the subnet. They typically have web browser interfaces, and
            plugging in 10.1.X.YY for example, will take me right there
            for me to access.<br>
            <br>
            -Dennis</font><br>
          <div class="moz-cite-prefix"><br>
            <br>
            -------- Original Message --------<br>
          </div>
          <blockquote
            cite="mid:95F40A4E-0F48-4444-B214-F3196F3CEEDD@3056.net"
            type="cite">
            <meta http-equiv="content-type" content="text/html;
              charset=ISO-8859-1">
            <div><span style="-webkit-tap-highlight-color: rgba(26, 26,
                26, 0.296875); -webkit-composition-fill-color: rgba(175,
                192, 227, 0.230469); -webkit-composition-frame-color:
                rgba(77, 128, 180, 0.230469); ">Why would you want
                anything but a /32 to a VPN client IP?</span><br
                style="-webkit-tap-highlight-color: rgba(26, 26, 26,
                0.296875); -webkit-composition-fill-color: rgba(175,
                192, 227, 0.230469); -webkit-composition-frame-color:
                rgba(77, 128, 180, 0.230469); ">
              <br>
              Sent from my iPhone</div>
            <div><br>
              On 2. mars 2013, at 17:44, info <<a
                moz-do-not-send="true"
                href="mailto:info@customautomation.com">info@customautomation.com</a>>



              wrote:<br>
              <br>
            </div>
            <blockquote type="cite">
              <div>
                <meta http-equiv="content-type" content="text/html;
                  charset=ISO-8859-1">
                <font face="Calibri">Hello All,<br>
                  <br>
                  I just implemented the SSG HowTo, using a Juniper SSG5
                  and Shrew VPN Client 2.1.7, and it works as advertised
                  thank you. The rub is that the assigned IP address
                  coming from the SSG IP Pool to my PC has a subnet mask
                  of 255.255.255.255. I'd like it to be 255.255.0.0. I
                  assume this is controlled by the SSG, but don't see an
                  obvious setting for it. Anybody have suggestions?<br>
                  <br>
                  Thanks,<br>
                  -Dennis<br>
                </font> </div>
            </blockquote>
            <blockquote type="cite">
              <div><span>_______________________________________________</span><br>
                <span>vpn-help mailing list</span><br>
                <span><a moz-do-not-send="true"
                    href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a></span><br>
                <span><a moz-do-not-send="true"
                    href="https://lists.shrew.net/mailman/listinfo/vpn-help">https://lists.shrew.net/mailman/listinfo/vpn-help</a></span><br>
              </div>
            </blockquote>
          </blockquote>
          <br>
        </blockquote>
        <br>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_______________________________________________
vpn-help mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.shrew.net/mailman/listinfo/vpn-help">https://lists.shrew.net/mailman/listinfo/vpn-help</a>
</pre>
      </blockquote>
      <br>
    </blockquote>
    <br>
  </body>
</html>