[vpn-help] Problem with tunnel from Shrewsoft Client to Juniper NS 5GT

Kevin VPN kvpn at live.com
Mon Oct 17 22:08:45 CDT 2011


On 10/15/2011 07:39 AM, Johan Schröder wrote:
> Hello there,
>
> I've a problem with a VPN tunnel using the Shrewsoft VPN-Client (current
> windows version) and a Juniper Netscreen 5GT (OS 5.4.0.r8) on a Windows
> 7 system. I've configured the client and the gateway as described at
> http://www.shrew.net/support/wiki/HowtoJuniperSsg.
>
> The tunnel established without problems and my client gets a local IP
> address from the right IP Pool on the netscreen. The problem is that no
> machine in the VPN LAN could be reached, not even a ping. Only a ping to
> my machine and to the gateway (Netscreen) IP address is successful.
>
> When I try ipconfig /all, I get these values
>
> IPv4 address . . . . . . . . . . : 192.168.0.240(Vorläufig)
> Subnetmaske . . . . . . . . . . : 255.255.255.255
> Default gateway . . . . . . . . . :
>
> The IP net on the gateway side is 192.168.0.0/24.
>
> It seems to me that there might be a problem, because of the given
> subnetmask (I think it should be /24 and not /32) and there is no
> default gateway assigned.
>

Hi Johan,

First, to answer your question about the subnetmask, /32 is typical. 
What happens is that there is a point-to-point connection (the tunnel) 
made between the Shrew client and the gateway; your PC doesn't really
get an IP on the destination network.

Second, it appears that you are having the 5GT assign an IP in a subnet 
range that overlaps the protected network, and that will not work.  You 
should reconfigure the 5GT to give out an IP in a different subnet than 
the 192.168.0.0/24 protected network.  For instance use 192.168.1.0/24 - 
remember to adjust your policies to use the new addresses if necessary.
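
Added example, not part of the original message or of the Shrew or Juniper documentation: a Python check for the pool/protected-network overlap described in the reply, plus the standard on-link test a LAN host applies to the client's address. The pool ranges, the LAN host 192.168.0.10/24 and all function names are constructed for illustration; only 192.168.0.0/24, 192.168.0.240 and 192.168.1.0/24 come from the thread.

```python
import ipaddress

PROTECTED = ["192.168.0.0/24"]  # protected network named in the thread


def pool_overlaps(pool_first, pool_last, protected):
    """Return the protected networks that share addresses with the pool.

    The pool is given as first/last address (an assumption about how the
    gateway's pool is written down), and is expanded to CIDR blocks.
    """
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    pool_nets = list(ipaddress.summarize_address_range(first, last))
    hits = []
    for net in map(ipaddress.ip_network, protected):
        if any(block.overlaps(net) for block in pool_nets):
            hits.append(str(net))
    return hits


def on_link_for_lan_host(client_ip, lan_host_iface):
    """True if a LAN host with this interface (addr/prefix) treats the
    client address as directly attached, so its reply is not handed to
    the default gateway for routing."""
    iface = ipaddress.ip_interface(lan_host_iface)
    return ipaddress.ip_address(client_ip) in iface.network


def first_free_subnet(candidates, protected):
    """Pick the first candidate pool subnet that overlaps no protected net."""
    nets = [ipaddress.ip_network(p) for p in protected]
    for cand in map(ipaddress.ip_network, candidates):
        if not any(cand.overlaps(n) for n in nets):
            return str(cand)
    return None


if __name__ == "__main__":
    # Constructed pool around the 192.168.0.240 address seen in ipconfig.
    print(pool_overlaps("192.168.0.240", "192.168.0.250", PROTECTED))
    # Constructed LAN host inside the protected /24.
    print(on_link_for_lan_host("192.168.0.240", "192.168.0.10/24"))
    # Constructed pool inside the 192.168.1.0/24 range suggested in the reply.
    print(pool_overlaps("192.168.1.1", "192.168.1.50", PROTECTED))
    print(first_free_subnet(["192.168.0.128/25", "192.168.1.0/24"], PROTECTED))
```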


