Netscreen10-VPN
Byron Kennedy
byron at MARKETTOOLS.COM
Thu Mar 8 01:30:56 EST 2001
I assume vpn is gateway-to-gateway, and not Client-to-gateway, that is the
clients aren't using netscreen remote are they?
Are both Netscreens configured the same in terms of:
1. Definitions of the tunnels
2. Policies inbound and outbound for the tunnel
Can host1 ping untrusted interface of Netscreen1?
Can host1 ping trusted interface of Netscreen1?
I'd compare the two configs because one of the tunnels is obviously
working, unless you're just routing traffic unencrypted across the wire.
my thoughts.
byron
-----Original Message-----
From: L. David Leija [mailto:ldl1971 at HOTMAIL.COM]
Sent: Wednesday, March 07, 2001 5:05 PM
To: VPN at SECURITYFOCUS.COM
Subject: Netscreen10-VPN
Labsetup Visual Description:-
[Host1]-{Lan1}-[Netscreen1]-{VPN_Over_X-Over_Cable}-[Netscreen2]-{Lan2}-[Host2]
Labsetup Verbal Description:-
2 Netscreen boxes with their untrusted interfaces connected with a
cross-over cable.
Hosts each are connected to the trusted interface of each Netscreen box.
Manual Key VPN configured between LAN1 and LAN2
What works:-
I can ping from Host2 to the untrusted interface of Netscreen1
I can ping from Host2 to the trusted interface of Netscreen1
I can ping from Host2 to the interface of Host1
I can telnet from Host2 to the interface of Host1
What doesn't work:-
I cannot ping from Host1 to the untrusted interface of Netscreen2
I cannot ping from Host1 to the trusted interface of Netscreen2
I cannot ping from Host1 to the interface of Host2
I cannot telnet from Host1 to the interface of Host2
Additional:-
I haven't noticed anything that obvious in the Netscreen routing tables. If
there were a routing problem, I doubt the icmp replies would find their way
back to Host2 on pinging Host1. Is there some policy issue that I'm missing?
I can't understand why only 1/2 of the tunnel works. That just doesn't make
any sense. TIA
VPN is sponsored by SecurityFocus.COM