Netscreen10-VPN
David Gillett
dgillett at NIKU.COM
Wed Mar 7 22:24:19 EST 2001
Are the NetScreens in transparent mode?
What I'd really like to see is the port IP/mask/gateway settings for hosts
1 & 2 and NetScreens 1 & 2 (both interfaces). And recall that it isn't just
the content of the policies, but also their *order* that is important....
David Gillett
Senior Network Engineer
(650) 701-2702
Niku Corp. "Transforming the Service Economy"
-----Original Message-----
From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM] On Behalf Of L. David Leija
Sent: Wednesday, March 07, 2001 5:05 PM
To: VPN at SECURITYFOCUS.COM
Subject: Netscreen10-VPN
Labsetup Visual Description:-
[Host1]-{Lan1}-[Netscreen1]-{VPN_Over_X-Over_Cable}-[Netscreen2]-{Lan2}-[Host2]
Labsetup Verbal Description:-
2 Netscreen boxes with their untrusted interfaces connected with a
cross-over cable.
Hosts each are connected to the trusted interface of each Netscreen box.
Manual Key VPN configured between LAN1 and LAN2
What works:-
I can ping from Host2 to the untrusted interface of Netscreen1
I can ping from Host2 to the trusted interface of Netscreen1
I can ping from Host2 to the interface of Host1
I can telnet from Host2 to the interface of Host1
What doesn't work:-
I cannot ping from Host1 to the untrusted interface of Netscreen2
I cannot ping from Host1 to the trusted interface of Netscreen2
I cannot ping from Host1 to the interface of Host2
I cannot telnet from Host1 to the interface of Host2
Additional:-
I haven't noticed anything that obvious in the Netscreen routing tables. If
there were a routing problem, I doubt the icmp replies would find their way
back to Host2 on pinging Host1. Is there some policy issue that I'm missing?
I can't understand why only 1/2 of the tunnel works. That just doesn't make
any sense. TIA
VPN is sponsored by SecurityFocus.COM