OK, apologies, coffee just kicking in here, quite a few hours earlier than where you are.
Possibly a better method using the Juniper policies. In your Trust to Untrust, or Trust to Global policies Create an ANY-ANY-ANY-TUNNEL ( Source Destination Service Action ) using the tunnel created between sites. For any device on the remote subnet that needs direct access, create a policy with ANY-ANY-ANY-Permit and place it above this any-any-any-tunnel rule Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Paul Hutchings [mailto:[email protected]] Sent: Friday, September 17, 2010 7:16 AM To: NT System Admin Issues Subject: Juniper VPN Tunnel Query I’m testing a VPN tunnel between what will be two sites. I have the tunnel working just fine between Site A and Site B using a route based VPN, however what I want to do is configure it so that in Site B any traffic for 0.0.0.0 goes over the tunnel so it goes out to the Internet via our main firewall/internet connection. I’m struggling a little on how to configure the Juniper (an SSG running ScreenOS 6.3.x) to do this as its default gateway for 0.0.0.0 is of course the router to the ISP. Thanks. _____ MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
