[vpn-help] Juniper SSG HowTo Subnet Mask

Lars Vik lars at 3056.net
Sat Mar 2 14:15:34 CST 2013

OK, I am just trying to understand what you are trying to accomplish. It 
is from the VPN client you want to ping/access the devices on the subnet 
from, right? Usually, well at least on SSG, you have security zones, 
trust, dmz, untrust, etc. The VPN clients will come from the untrust 
zone. You will need to use a different subnet for the VPN clients, and 
add policies to allow traffic from untrust (VPN-dialup) to (and from) 
the different zones and subnets. You can set granular access on 
tunnels/IKE level.

On 02.03.2013 20:17, info wrote:
> For tech support purposes I need to "see" or be able to ping all 
> devices on the subnet. They typically have web browser interfaces, and 
> plugging in 10.1.X.YY for example, will take me right there for me to 
> access.
> -Dennis
> -------- Original Message --------
>> Why would you want anything but a /32 to a VPN client IP?
>> Sent from my iPhone
>> On 2. mars 2013, at 17:44, info <info at customautomation.com 
>> <mailto:info at customautomation.com>> wrote:
>>> Hello All,
>>> I just implemented the SSG HowTo, using a Juniper SSG5 and Shrew VPN 
>>> Client 2.1.7, and it works as advertised thank you. The rub is that 
>>> the assigned IP address coming from the SSG IP Pool to my PC has a 
>>> subnet mask of I'd like it to be I 
>>> assume this is controlled by the SSG, but don't see an obvious 
>>> setting for it. Anybody have suggestions?
>>> Thanks,
>>> -Dennis
>>> _______________________________________________
>>> vpn-help mailing list
>>> vpn-help at lists.shrew.net <mailto:vpn-help at lists.shrew.net>
>>> https://lists.shrew.net/mailman/listinfo/vpn-help

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20130302/7e7969c2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4444 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20130302/7e7969c2/attachment.bin>

More information about the vpn-help mailing list