Henrik,
I just configured an NS100 to NS5 VPN with both units in transparent
mode and I had to configure routes on both netscreens in order for
this to work.
The commands were:
set route 172.16.1.0 255.255.255.0 <cr>
(Where 172.16.1.0 was the internal network)
set route 0.0.0.0 0.0.0.0 gateway 172.16.1.254
(Where .254 was the external router).
Obviously I did the same thing for the remote netscreen (with its
local network info).
I know what you're doing is slightly different but try adding a route
to the NS_Remote box.
Andy
Henrik Grankvist wrote:
>
> Hello!
>
> I'm having some trouble getting a vpn connection to work with NS5XP in
> transparent mode. I know that it only works with manual keys, and therefore
> I have set up a connection using the tutorial from Netscreen.
>
> But I can't get it to work, when I for instance ping the internal server
> (the one that I should protect) it seems like the server can't answer back
> to the Netscreen remote computer. I have discovered this by analysing the
> packets that are in transit behind the NS5XP; I get ICMP error messages, host
> unreachable, from the inside.
>
> The rules that I'm using are as follows:
>
> outbound: Inside any, outside any, permit.
>
> inbound: 1 Dialup-VPN, private server, tunnel.
> 2 Outside any, inside any, deny.
>
> Here is the physical configuration:
>
> NS_Remote <-------> NS5XP (in transparent mode) <------> Plain text server
>
> I really hope that someone knows something about this problem and could give
> me some info on the subject.
>
> Kind regards
>
> Henrik Grankvist
> Student
> [EMAIL PROTECTED]
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls