Hi Henrik,
In the rules/policy section: try defining your internal address block (i.e.
"trusted LAN") in the address book and using that as opposed to "inside
any". I've had trouble with this in some OS versions.
byron
-----Original Message-----
From: Henrik Grankvist [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 09, 2001 9:06 AM
To: [EMAIL PROTECTED]
Subject: Netscreen 5XP problem....
Hello!
I'm having some trouble getting a VPN connection to work with NS5XP in
transparent mode. I know that it only works with manual keys, and therefore
I have set up a connection using the tutorial from Netscreen.
But I can't get it to work. When I, for instance, ping the internal server
(the one that I should protect), it seems like the server can't answer back
to the Netscreen remote computer. I have discovered this by analysing the
packets that are in transit behind the NS5XP: I get ICMP error messages (host
unreachable) from the inside.
The rules that I'm using are as follows:
outbound: Inside any, outside any, permit.
inbound: 1 Dialup-VPN, private server, tunnel.
         2 Outside any, inside any, deny.
Here is the physical configuration:
NS_Remote <-------> NS5XP (in transparent mode) <------> Plain text server
I really hope that someone knows something about this problem and could give
me some info on the subject.
Kind regards
Henrik Grankvist
Student
[EMAIL PROTECTED]
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls