[vpn-help] Problem with tunnel from Shrewsoft Client to Juniper NS 5GT
Johan Schröder
mail at johnny.eu
Tue Oct 18 02:13:50 CDT 2011
Hello Kevin,
thank you! That solved my problem. It was the second thing you've
mentioned. I changed the IP net of the IP pool to 192.168.1.x/24 and
now it works.
Regards, Johan
Zitat von Kevin VPN <kvpn at live.com>:
> On 10/15/2011 07:39 AM, Johan Schröder wrote:
>> Hello there,
>>
>> I've a problem with a VPN tunnel using the Shrewsoft VPN-Client (current
>> windows version) and a Juniper Netscreen 5GT (OS 5.4.0.r8) on a WIndows
>> 7 system. I've configured the client and the gateway as described at
>> http://www.shrew.net/support/wiki/HowtoJuniperSsg.
>>
>> The tunnel established without problems and my client gets an local IP
>> address from the right IP Pool on the netscreen. The problem is that no
>> machine in the VPN LAN could be reached, not even a ping. Only a ping to
>> my machine and to the gateway (Netscreen) IP address is successfully.
>>
>> When I try ipconfig /all, I get these values
>>
>> IPv4 address . . . . . . . . . . : 192.168.0.240(Vorläufig)
>> Subnetmaske . . . . . . . . . . : 255.255.255.255
>> Default gateway . . . . . . . . . :
>>
>> The IP net on the getway side is 192.168.0.0/24.
>>
>> It seems to my that there could might be problem, because of the given
>> subnetmask (I think it should be /24 and not /32) and there is no
>> default gateway assigned.
>>
>
> Hi Johan,
>
> First, to answer your question about the subnetmask, /32 is typical.
> What happens is that there is a point-to-point connection (the
> tunnel) made between the Shrew client and the gateway, your PC
> doesn't really get an IP on the destination network.
>
> Second, it appears that you are having the 5GT assign an IP in a
> subnet range that overlaps the protected network, and that will not
> work. You should reconfigure the 5GT to give out an IP in a
> different subnet than the 192.168.0.0/24 protected network. For
> instance use 192.168.1.0/24 - remember to adjust your policies to
> use the new addresses if necessary.
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
More information about the vpn-help
mailing list