<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#1F497D" bgcolor="#FFFFFF">
<font face="Calibri">Thanks for your insight.<br>
-Dennis<br>
</font>
<div class="moz-cite-prefix"><br>
<br>
-------- Original Message --------<br>
</div>
<blockquote cite="mid:513261E9.2030002@3056.net" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Let me rephrase, each VPN client will be in its own /32 subnet,
i.e. one IP, but several clients/IP's can belong to an IKE. The
SSG VPN server will take care of the routing for you. But you have
to assign policies to each IKE to be able to communicate with the
remote subnet/zones, be it ping or "Any" access. Hope it makes
sense.<br>
<br>
<div class="moz-cite-prefix">On 02.03.2013 21:15, Lars Vik wrote:<br>
</div>
<blockquote cite="mid:51325DE6.4060206@3056.net" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
OK, I am just trying to understand what you are trying to
accomplish. It is from the VPN client you want to ping/access
the devices on the subnet from, right? Usually, well at least on
SSG, you have security zones, trust, dmz, untrust, etc. The VPN
clients will come from the untrust zone. You will need to use a
different subnet for the VPN clients, and add policies to allow
traffic from untrust (VPN-dialup) to (and from) the different
zones and subnets. You can set granular access on tunnels/IKE
level.<br>
<br>
<div class="moz-cite-prefix">On 02.03.2013 20:17, info wrote:<br>
</div>
<blockquote cite="mid:51325057.90004@customautomation.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<font face="Helvetica, Arial, sans-serif">For tech support
purposes I need to "see" or be able to ping all devices on
the subnet. They typically have web browser interfaces, and
plugging in 10.1.X.YY for example, will take me right there
for me to access.<br>
<br>
-Dennis</font><br>
<div class="moz-cite-prefix"><br>
<br>
-------- Original Message --------<br>
</div>
<blockquote
cite="mid:95F40A4E-0F48-4444-B214-F3196F3CEEDD@3056.net"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<div><span style="-webkit-tap-highlight-color: rgba(26, 26,
26, 0.296875); -webkit-composition-fill-color: rgba(175,
192, 227, 0.230469); -webkit-composition-frame-color:
rgba(77, 128, 180, 0.230469); ">Why would you want
anything but a /32 to a VPN client IP?</span><br
style="-webkit-tap-highlight-color: rgba(26, 26, 26,
0.296875); -webkit-composition-fill-color: rgba(175,
192, 227, 0.230469); -webkit-composition-frame-color:
rgba(77, 128, 180, 0.230469); ">
<br>
Sent from my iPhone</div>
<div><br>
On 2. mars 2013, at 17:44, info <<a
moz-do-not-send="true"
href="mailto:info@customautomation.com">info@customautomation.com</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<font face="Calibri">Hello All,<br>
<br>
I just implemented the SSG HowTo, using a Juniper SSG5
and Shrew VPN Client 2.1.7, and it works as advertised
thank you. The rub is that the assigned IP address
coming from the SSG IP Pool to my PC has a subnet mask
of 255.255.255.255. I'd like it to be 255.255.0.0. I
assume this is controlled by the SSG, but don't see an
obvious setting for it. Anybody have suggestions?<br>
<br>
Thanks,<br>
-Dennis<br>
</font> </div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>vpn-help mailing list</span><br>
<span><a moz-do-not-send="true"
href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a></span><br>
<span><a moz-do-not-send="true"
href="https://lists.shrew.net/mailman/listinfo/vpn-help">https://lists.shrew.net/mailman/listinfo/vpn-help</a></span><br>
</div>
</blockquote>
</blockquote>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
vpn-help mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.shrew.net/mailman/listinfo/vpn-help">https://lists.shrew.net/mailman/listinfo/vpn-help</a>
</pre>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>