Sounds like you've got most of it set up. If your tunnel interface is bound to the Trust zone and you haven't enabled the blocking of Intra-Zone traffic 'Network > Zones > Edit Trust Zone', then you don't need policy. If that's the case then it's most likely a routing issue... can you display the relevant config bits for the tunnel config, interfaces, zones, routing, and policy?
Stefan Fouant

On Sat, May 17, 2008 at 12:07 PM, sunnyday <[EMAIL PROTECTED]> wrote:
> I have only the default virtual routers the untrust zone is in trust vr
> I have configured the vpn and a bidirectional policy:
> from untrust to trust
> source dialup vpn destination any
> action tunnel
> what do I need to configure next to have access to the local network?
>
> -----Original Message-----
> From: Stefan Fouant [mailto:[EMAIL PROTECTED]
> Sent: Saturday, May 17, 2008 6:58 PM
> To: sunnyday
> Cc: Juniper-Nsp; [EMAIL PROTECTED]
> Subject: Re: [j-nsp] Netscreen vpn
>
> There is just not enough information supplied to determine the
> problem. Is the tunnel interface bound to the Trust zone, or the
> Untrust zone? If it's bound to the Trust zone and you haven't
> explicitly blocked intrazone traffic then you don't need a policy. Are
> you using any other Virtual-Routers other than the Trust-VR? If so,
> you'll need to configure Inter-VR routing. Have you enabled ping on
> the Trust interface? I think it's enabled by default on the Trust
> interface but you might want to double check. Can you describe your
> configuration in more detail?
>
> Stefan Fouant
>
> On Sat, May 17, 2008 at 6:02 AM, sunnyday <[EMAIL PROTECTED]> wrote:
>> Hello I have configured a dialup vpn and successfully created the tunnel and
>> received ip address but I cannot manage to ping the netscreen's
>> Trust interface. The ip address the vpn has is 10.250.250.1 and the trust
>> interface is 192.168.10.1. I tried with static routes and policies
>> With no result can you please help me out with this one?
>>
>> Thank you
>>
>> _______________________________________________
>> juniper-nsp mailing list [email protected]
>> https://puck.nether.net/mailman/listinfo/juniper-nsp

