[vpn-help] local lan access

kevin vpn klmlk at hotmail.com
Thu Jan 13 20:27:00 CST 2011

On Thu, 13 Jan 2011 08:47:14 +0100
Romain De Rasse <r.derasse at yahoo.fr> wrote:

> Hi,
> I'm setting up an  IPSec VPN tunnel with a Juniper SSG140 appliance
> and I'm having an issue. The Juniper type of IPSec VPN is route-based
> Dialup VPN.
> When the client device is connected to the VPN, it's still able to 
> access the local LAN even if I use an "IPsec Policy Manual 
> Configuration" along with this "Topology Entry" :
> - Type : Include
> - Address :
> - Netmask :
> Is there a way to prevent the connected client device from accessing
> the local LAN ?

Hi roms,

When you do a route-based VPN on NetScreen, that can be made into a
bi-directional tunnel.  You should try doing a traceroute (tracert in
Windows CMD prompt) to see if your traffic is actually going out to the
gateway and then coming back. If that is what is happening, then you
need to put a rule preventing the local LAN access on the NetScreen.

Alternatively, is there a chance that you have both a wired and
wireless connection on your PC, and that the local LAN access is
happening via the other adapter?

More information about the vpn-help mailing list