[vpn-help] Connect to multiple networks with one VPN connection

Uracs Tamás uracs.tamas at peetandcook.hu
Mon Oct 11 08:02:25 CDT 2010


Hi All,

sorry for coming with this again, but what Kevin suggested does not work for me. :-(
I tried to add the second destination network to our Juniper SSG5 policy, the result is none of the 2 destination networks are reachable.
If I add a second Dial Up VPN policy with the same IKE tunnel settings, then the in the second policy's log I see only traffic denied message.
I don't use any proxy ID in our system.

My goal would be: 
-create a dial up vpn, with witch we can reach 2 IP subnet. 192.168.3.0/24 on a local interface, and a 192.168.39.0/24 on a tunnel interface. (this is a site-to-site tunnel between 1 SSG5)

Any help would stop me from losing more hair.

Best,

Tamas

-----Original Message-----
From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of kevin shrew-vpn
Sent: Tuesday, June 29, 2010 4:37 AM
To: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] Connect to multiple networks with one VPN connection

On Mon, 28 Jun 2010 18:37:59 +0000
Uracs Tamás <uracs.tamas at peetandcook.hu> wrote:

> Hi Kevin,
> 
> Thank You for the answer. Our luck is that the two net is in the same 
> 'trust' zone. I created a second policy, but I don't know what did
> wrong: I can connect with only one policy at the same time. Could You 
> give me a guide how to change the mask?
> 

Hi Tamas, I just though of the reason why you can only connect to one of the VPNs at a time.

In the SSG, when you create a user, by default it only allows one concurrent login with the same account.  You can see this in the following image from the SSG Howto:
http://www.shrew.net/static/howto/JuniperSsg/ssg-9.jpg

It says "Number of Multiple Logins with the Same ID: 1."  If you change that to 2 or more, you may find that you can connect to both VPNs at the same time.
_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
http://lists.shrew.net/mailman/listinfo/vpn-help


More information about the vpn-help mailing list