Can\’t ping dialup VPN hosts from Trust zone

290 pts.
Tags:
Firewall
Hi everyone, I've put in a new SSG520 (6.3.0r11.0) and have some remote users connected via a Dialup VPN. There are several remote users who are configured to have a static IP address. Hosts within the Trust zone need to be able to initiate connections with these remote connected hosts. While the remotely connected hosts have no problem communicating with the Trust zone, the hosts within the Trust zone cannot initiate a connection with the remote connected systems. If you need portions of the config just let me know what you're interested in as I'd rather not dump the whole config in this initial post. As far as I know this might just be some limitation with SSG. With regards to policy, currently I've added and any any rule for a host within the Trust zone to the dialup user zone so policy shouldn't be blocking. Any help or advice would be appreciated!

Software/Hardware used:
Juniper
ASKED: July 6, 2012  4:54 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • yans112112
    I've missed some more points.I have bidirectional rules that allows traffic between the two zones.And There is no NAT also.
    290 pointsBadges:
    report
  • mshen
    Have you verified that you have a route to your VPN zone?
    27,385 pointsBadges:
    report
  • aalansari
    Yes you have to check the routing and I think you have to NAT users to an address within the remote system
    5 pointsBadges:
    report
  • yans112112
    Thanks All, I've got it. There was no route to vpn zone..Regards,Srinivasa Peddi.
    290 pointsBadges:
    report
  • mshen
    Glad its working for you.  Thanks for the update.
    27,385 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following