Shouldn't the any, any, PERMIT be changed to any, any, TUNNEL? (Edit the rule and change the action from PERMIT to TUNNEL.)

At least that's the way I do it on the Juniper Netscreen 5GT, and I wouldn't think they'd change the syntax too badly with the new version (SSG).

On Tue, Oct 20, 2009 at 9:44 AM, Cameron <[email protected]> wrote:
> Good morning all!
>
> Hardware - Juniper SSG-5
>
> Situation - I've configured the firewall and can ping any internet IP and
> surf just fine. I've created VPN tunnels to our head office from the remote
> site and the tunnels come up fine (showing up on both ends) and yet I can't
> pass any traffic through to either side. I can ping the public IP of the
> firewalls no problem from the CLI on both sides. In place is the default
> policy (Trust -> Untrust, Any, Any, Permit...and also put in place (temp!)
> Untrust -> Trust, Any, Any, Permit). I spent well over 2 hours on the phone
> with the Juniper Tech Support and they didn't get any further than I did. I
> tried 2 brand new firewalls and got the same result on both.
>
> Any suggestions would be greatly appreciated as always!
>
> Cheers,
> Cameron
