It's a deal! -ASB: http://XeeSM.com/AndrewBaker
Sent from my Motorola Droid

On Sep 17, 2010 8:03 AM, "Erik Goldoff" <[email protected]> wrote:
> Erik Goldoff would like to recall this message “RE: Juniper VPN Tunnel Query”
>
> But as we all know, that capability does not exist within Outlook’s SMTP
> messaging, so instead, please limit the forthcoming derision and ridicule to
> a fun, jovial nature appropriate for a Friday :)
>
> Erik Goldoff
> IT Consultant
> Systems, Networks, & Security
> ' Security is an ongoing process, not a one time event ! '
>
> From: Erik Goldoff [mailto:[email protected]]
> Sent: Friday, September 17, 2010 7:49 AM
> To: NT System Admin Issues
> Subject: RE: Juniper VPN Tunnel Query
>
> OK, at site B you set up a static route
>
> 10.60.1.1 255.255.255.255 -> 192.168.99.1 - so that all site B
> computers know how to get to the main firewall via the local firewall ( the
> local firewall will know to traverse the VPN and not the public internet )
>
> Also at site B you set up a default gateway route
>
> 0.0.0.0 0.0.0.0 -> 10.60.1.1 so that all default traffic goes to the
> main site.
>
> Alternatively, you could put a static route in the remote Juniper to locate
> the public IP of the Main firewall via the remote internet/public port
> address ( to facilitate the tunnel ) and a default gateway in the remote
> Juniper to the main firewall at 10.60.1.1
>
> This way, ONLY the traffic to create the tunnel will travel the internet
> connection on the remote Juniper, and ALL OTHER traffic is forced over the
> tunnel. This would complicate any remote configuration/access to the
> Juniper at 192.168.99.1 except from within the main site
>
> Erik Goldoff
> IT Consultant
> Systems, Networks, & Security
> ' Security is an ongoing process, not a one time event ! '
>
> From: Paul Hutchings [mailto:[email protected]]
> Sent: Friday, September 17, 2010 7:35 AM
> To: NT System Admin Issues
> Subject: RE: Juniper VPN Tunnel Query
>
> Erik can you expand a little please?
>
> Site A (main site) 10.60.0.0/16 main firewall IP of 10.60.1.1
>
> Site B (remote site) 192.168.99.0/24 – junipers LAN IP is 192.168.99.1
>
> At Site B right now everyone’s default gateway would be 192.168.99.1 but the
> VPN tunnels all traffic for 10.60.0.0/16 over the tunnel1.interface to the
> firewall at site B.
>
> Whilst I get what VPN’s are/what they do I’ve not had much hands on and each
> vendor seems to do the same thing a slightly different way.
>
> Thanks,
> Paul
>
> From: Erik Goldoff [mailto:[email protected]]
> Sent: 17 September 2010 12:31
> To: NT System Admin Issues
> Subject: RE: Juniper VPN Tunnel Query
>
> Static route on the local systems for the remote ‘main’ firewall/internet
> via the local IP of your local Juniper, and a default gateway on local
> systems pointing to that remote main firewall ?
>
> Erik Goldoff
> IT Consultant
> Systems, Networks, & Security
> ' Security is an ongoing process, not a one time event ! '
>
> From: Paul Hutchings [mailto:[email protected]]
> Sent: Friday, September 17, 2010 7:16 AM
> To: NT System Admin Issues
> Subject: Juniper VPN Tunnel Query
>
> I’m testing a VPN tunnel between what will be two sites.
>
> I have the tunnel working just fine between Site A and Site B using a route
> based VPN, however what I want to do is configure it so that in Site B any
> traffic for 0.0.0.0 goes over the tunnel so it goes out to the Internet via
> our main firewall/internet connection.
>
> I’m struggling a little on how to configure the Juniper (an SSG running
> ScreenOS 6.3.x) to do this as its default gateway for 0.0.0.0 is of course
> the router to the ISP.
>
> Thanks.
>
> _____
>
> MIRA Ltd
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
> Registered in England and Wales No. 402570
> VAT Registration GB 114 5409 96
>
> The contents of this e-mail are confidential and are solely for the use of
> the intended recipient. If you receive this e-mail in error, please delete
> it and notify us either by e-mail, telephone or fax. You should not copy,
> forward or otherwise disclose the content of the e-mail as this is
> prohibited.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
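
The routing behaviour discussed in the thread, as an added example that is not part of the original messages: a longest-prefix-match model of the Site B firewall's route table comparing the current split-tunnel state, the full-tunnel alternative (host route to the VPN peer via the ISP plus a default route into the tunnel), and the failure mode when the host route is omitted. The peer's public address, the test destinations and the egress labels are constructed assumptions.

```python
import ipaddress

def table(entries):
    """Build a route table from (prefix, egress) pairs."""
    return [(ipaddress.ip_network(p), egress) for p, egress in entries]

def lookup(routes, dst):
    """Longest-prefix match: egress of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, egress) for net, egress in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed value (documentation range); the thread does not give it.
MAIN_FW_PUBLIC = "203.0.113.10"   # assumed public IP of the main-site firewall
LAN, ISP, TUNNEL = "lan", "isp", "tunnel"   # hypothetical egress labels

# Current state in the thread: only 10.60.0.0/16 crosses the tunnel.
split_tunnel = table([
    ("192.168.99.0/24", LAN),
    ("10.60.0.0/16", TUNNEL),
    ("0.0.0.0/0", ISP),
])

# Alternative from the thread: /32 to the VPN peer via the ISP,
# default route into the tunnel.
full_tunnel = table([
    ("192.168.99.0/24", LAN),
    (MAIN_FW_PUBLIC + "/32", ISP),
    ("0.0.0.0/0", TUNNEL),
])

# Failure mode: default moved into the tunnel without the /32, so the
# tunnel's own encapsulated packets would be routed into the tunnel.
missing_host_route = table([
    ("192.168.99.0/24", LAN),
    ("0.0.0.0/0", TUNNEL),
])

def egress_report(routes):
    """Where representative destinations leave the Site B firewall."""
    dests = {
        "site_b_host": "192.168.99.50",
        "site_a_host": "10.60.5.20",
        "internet_host": "198.51.100.7",   # constructed
        "vpn_peer": MAIN_FW_PUBLIC,
    }
    return {name: lookup(routes, ip) for name, ip in dests.items()}

if __name__ == "__main__":
    for name, routes in [("split", split_tunnel), ("full", full_tunnel),
                         ("missing /32", missing_host_route)]:
        print(name, egress_report(routes))
```
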
