[vpn-help] The Juniper Configuration, resolution for policy setting

Atsushi SAIJO [Open Database Associates bvba] asaijo at open-dba.com
Wed Sep 29 03:46:40 CDT 2010


I am grateful if you could add small note in the Juniper SSG section for
small discovery on SSG firewall side. It would be appreciated if you could
add small note in the configuration setting about below

 

[Original Issue]

There has been issues and reports about 'unable to ping behind the
firewall'. 

 

[Cause]

{1} 'source translation' was not ticked in the policy setting in the dialup
VPN. (Policy > Advanced)

{2} IP pool must be different from the target IP subnet. 

 

If this is not done, user can ping the firewall interface itself, but cannot
ping further. (In Juniper Forum, there are similar report unable to ping
behind firewall. I will reply to these posts). 

 

 

[Resolution-1]

Source Translation must be ticked in the Juniper SSG. (I attached the
screenshot to this email.) 

 

[Resolution-2]

IP Pool must be configured that target IP subnet and IP Pool is different.
If we aim for 10.7.4.0/24, we should be using something different IP subnet.

 

I would appreciate if you could reflect above discovery so that a new user,
who attempt configuring ShrewVPN with Juniper SSG, has smooth integration. 

 

With Best Regard

 

Atsushi SAIJO, 

J2EE Enterprise Development

Open Database Associates bvba

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20100929/ecf705eb/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Scn_01 Sep. 29 10.42.jpg
Type: image/jpeg
Size: 104242 bytes
Desc: not available
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20100929/ecf705eb/attachment.jpg>


More information about the vpn-help mailing list