[vpn-help] Juniper SSG HowTo Subnet Mask

Lars Vik lars at 3056.net
Sat Mar 2 14:32:41 CST 2013


Let me rephrase: each VPN client will be in its own /32 subnet, i.e. one 
IP, but several clients/IPs can belong to an IKE. The SSG VPN server 
will take care of the routing for you. But you have to assign policies 
to each IKE to be able to communicate with the remote subnet/zones, be 
it ping or "Any" access. Hope it makes sense.

On 02.03.2013 21:15, Lars Vik wrote:
> OK, I am just trying to understand what you are trying to accomplish. 
> It is from the VPN client you want to ping/access the devices on the 
> subnet from, right? Usually, well at least on SSG, you have security 
> zones, trust, dmz, untrust, etc. The VPN clients will come from the 
> untrust zone. You will need to use a different subnet for the VPN 
> clients, and add policies to allow traffic from untrust (VPN-dialup) 
> to (and from) the different zones and subnets. You can set granular 
> access on tunnels/IKE level.
>
> On 02.03.2013 20:17, info wrote:
>> For tech support purposes I need to "see" or be able to ping all 
>> devices on the subnet. They typically have web browser interfaces, 
>> and plugging in 10.1.X.YY for example, will take me right there for 
>> me to access.
>>
>> -Dennis
>>
>>
>> -------- Original Message --------
>>> Why would you want anything but a /32 to a VPN client IP?
>>>
>>> Sent from my iPhone
>>>
>>> On 2 March 2013, at 17:44, info <info at customautomation.com> wrote:
>>>
>>>> Hello All,
>>>>
>>>> I just implemented the SSG HowTo, using a Juniper SSG5 and Shrew 
>>>> VPN Client 2.1.7, and it works as advertised thank you. The rub is 
>>>> that the assigned IP address coming from the SSG IP Pool to my PC 
>>>> has a subnet mask of 255.255.255.255. I'd like it to be 
>>>> 255.255.0.0. I assume this is controlled by the SSG, but don't see 
>>>> an obvious setting for it. Anybody have suggestions?
>>>>
>>>> Thanks,
>>>> -Dennis
>>>> _______________________________________________
>>>> vpn-help mailing list
>>>> vpn-help at lists.shrew.net
>>>> https://lists.shrew.net/mailman/listinfo/vpn-help
>>
