Netscreen10-VPN

Byron Kennedy byron at MARKETTOOLS.COM
Thu Mar 8 01:30:56 EST 2001


I assume the VPN is gateway-to-gateway and not client-to-gateway; that is, the
clients aren't using Netscreen Remote, are they?

Are both Netscreens configured the same in terms of:

1. Definitions of the tunnels
2. Policies inbound and outbound for the tunnel

Can host1 ping untrusted interface of Netscreen1?
Can host1 ping trusted interface of Netscreen1?

I'd compare the two configs because one of the tunnels is obviously
working, unless you're just routing traffic unencrypted across the wire.


my thoughts.
byron


-----Original Message-----
From: L. David Leija [mailto:ldl1971 at HOTMAIL.COM]
Sent: Wednesday, March 07, 2001 5:05 PM
To: VPN at SECURITYFOCUS.COM
Subject: Netscreen10-VPN


Labsetup Visual Description:-
[Host1]-{Lan1}-[Netscreen1]-{VPN_Over_X-Over_Cable}-[Netscreen2]-{Lan2}-[Host2]

Labsetup Verbal Description:-
2 Netscreen boxes with their untrusted interfaces connected with a
cross-over cable.
Hosts each are connected to the trusted interface of each Netscreen box.
Manual Key VPN configured between LAN1 and LAN2

What works:-
I can ping from Host2 to the untrusted interface of Netscreen1
I can ping from Host2 to the trusted interface of Netscreen1
I can ping from Host2 to the interface of Host1
I can telnet from Host2 to the interface of Host1

What doesn't work:-
I cannot ping from Host1 to the untrusted interface of Netscreen2
I cannot ping from Host1 to the trusted interface of Netscreen2
I cannot ping from Host1 to the interface of Host2
I cannot telnet from Host1 to the interface of Host2

Additional:-
I haven't noticed anything that obvious in the Netscreen routing tables. If
there were a routing problem, I doubt the icmp replies would find their way
back to Host2 on pinging Host1. Is there some policy issue that I'm missing?
I can't understand why only 1/2 of the tunnel works. That just doesn't make
any sense. TIA



VPN is sponsored by SecurityFocus.COM
