It's a deal!

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid

On Sep 17, 2010 8:03 AM, "Erik Goldoff" <[email protected]> wrote:
> Erik Goldoff would like to recall this message “ RE: Juniper VPN Tunnel
> Query “
>
>
>
> But as we all know, that capability does not exist within Outlook’s SMTP
> messaging, so instead, please limit the forthcoming derision and ridicule to
> a fun, jovial nature appropriate for a Friday :)
>
>
>
> Erik Goldoff
>
> IT Consultant
>
> Systems, Networks, & Security
>
> ' Security is an ongoing process, not a one time event ! '
>
> From: Erik Goldoff [mailto:[email protected]]
> Sent: Friday, September 17, 2010 7:49 AM
> To: NT System Admin Issues
> Subject: RE: Juniper VPN Tunnel Query
>
>
>
> OK, at site B you set up a static route
>
> 10.60.1.1 255.255.255.255 -> 192.168.99.1 - so that all site B
> computers know how to get to the main firewall via the local firewall ( the
> local firewall will know to traverse the VPN and not the public internet )
>
>
>
> Also at site B you set up a default gateway route
>
> 0.0.0.0 0.0.0.0 -> 10.60.1.1 so that all default traffic goes to the
> main site.
>
>
>
>
>
> Alternatively, you could put a static route in the remote Juniper to locate
> the public IP of the Main firewall via the remote internet/public port
> address ( to facilitate the tunnel ) and a default gateway in the remote
> Juniper to the main firewall at 10.60.1.1
>
> This way, ONLY the traffic to create the tunnel will travel the internet
> connection on the remote Juniper, and ALL OTHER traffic is forced over the
> tunnel. This would complicate any remote configuration/access to the
> Juniper at 192.168.99.1 except from within the main site
>
> Erik Goldoff
>
> IT Consultant
>
> Systems, Networks, & Security
>
> ' Security is an ongoing process, not a one time event ! '
>
> From: Paul Hutchings [mailto:[email protected]]
> Sent: Friday, September 17, 2010 7:35 AM
> To: NT System Admin Issues
> Subject: RE: Juniper VPN Tunnel Query
>
>
>
> Erik can you expand a little please?
>
>
>
> Site A (main site) 10.60.0.0/16 main firewall IP of 10.60.1.1
>
>
>
> Site B (remote site) 192.168.99.0/24 – Juniper's LAN IP is 192.168.99.1
>
>
>
> At Site B right now everyone’s default gateway would be 192.168.99.1 but the
> VPN tunnels all traffic for 10.60.0.0/16 over the tunnel1.interface to the
> firewall at site B.
>
>
>
> Whilst I get what VPNs are/what they do I’ve not had much hands on and each
> vendor seems to do the same thing a slightly different way.
>
>
>
> Thanks,
>
> Paul
>
>
>
> From: Erik Goldoff [mailto:[email protected]]
> Sent: 17 September 2010 12:31
> To: NT System Admin Issues
> Subject: RE: Juniper VPN Tunnel Query
>
>
>
> Static route on the local systems for the remote ‘main’ firewall/internet
> via the local IP of your local Juniper, and a default gateway on local
> systems pointing to that remote main firewall ?
>
>
>
> Erik Goldoff
>
> IT Consultant
>
> Systems, Networks, & Security
>
> ' Security is an ongoing process, not a one time event ! '
>
> From: Paul Hutchings [mailto:[email protected]]
> Sent: Friday, September 17, 2010 7:16 AM
> To: NT System Admin Issues
> Subject: Juniper VPN Tunnel Query
>
>
>
> I’m testing a VPN tunnel between what will be two sites.
>
>
>
> I have the tunnel working just fine between Site A and Site B using a route
> based VPN, however what I want to do is configure it so that in Site B any
> traffic for 0.0.0.0 goes over the tunnel so it goes out to the Internet via
> our main firewall/internet connection.
>
>
>
> I’m struggling a little on how to configure the Juniper (an SSG running
> ScreenOS 6.3.x) to do this as its default gateway for 0.0.0.0 is of course
> the router to the ISP.
>
>
>
> Thanks.
>
> _____
>
> MIRA Ltd
>
>
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>
> Registered in England and Wales No. 402570
>
> VAT Registration GB 114 5409 96
>
>
>
> The contents of this e-mail are confidential and are solely for the use of
> the intended recipient. If you receive this e-mail in error, please delete
> it and notify us either by e-mail, telephone or fax. You should not copy,
> forward or otherwise disclose the content of the e-mail as this is
> prohibited.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin

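Added example, not part of any poster's message: a longest-prefix-match check of the remote Juniper's route table for the forced-tunnel layout discussed in the thread (host route to the main firewall's public IP via the ISP, default route into the tunnel), compared with the split-tunnel starting point. The interface names (`lan`, `wan`, `tunnel.1`), the public IP and the ISP next hop are constructed placeholders, and the default route is modelled as pointing out of the tunnel interface.

```python
import ipaddress

# Constructed placeholders (not from the thread): documentation-range addresses
# for the main firewall's public IP and the remote site's ISP next hop.
MAIN_FW_PUBLIC = "203.0.113.10"
ISP_GATEWAY = "198.51.100.1"

def lookup(routes, dst):
    """Longest-prefix match: return (interface, next_hop) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, hop)
    return (best[1], best[2]) if best else None

def audit_full_tunnel(routes, peer_public, tunnel_if, probes):
    """Return a list of problems with a forced-tunnel route table."""
    problems = []
    peer = lookup(routes, peer_public)
    if peer is None or peer[0] == tunnel_if:
        # Tunnel packets routed into the tunnel itself: it can never come up.
        problems.append(f"peer {peer_public} not reachable outside {tunnel_if}")
    for dst in probes:
        hit = lookup(routes, dst)
        if hit is None or hit[0] != tunnel_if:
            problems.append(f"{dst} bypasses the tunnel via {hit}")
    return problems

# Remote Juniper as described in the thread: LAN 192.168.99.0/24 connected,
# host route to the main firewall's public IP via the ISP, default via tunnel.
FULL_TUNNEL = [
    ("192.168.99.0/24", "lan", None),
    (f"{MAIN_FW_PUBLIC}/32", "wan", ISP_GATEWAY),
    ("0.0.0.0/0", "tunnel.1", None),
]
# Starting point in the thread: only 10.60.0.0/16 is tunnelled, default to ISP.
SPLIT_TUNNEL = [
    ("192.168.99.0/24", "lan", None),
    ("10.60.0.0/16", "tunnel.1", None),
    ("0.0.0.0/0", "wan", ISP_GATEWAY),
]
# Constructed probes: the main firewall's LAN IP and two internet addresses,
# one of them in the same /24 as the peer to show only the /32 leaves the tunnel.
PROBES = ["10.60.1.1", "192.0.2.55", "203.0.113.200"]

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, audit_full_tunnel(table, MAIN_FW_PUBLIC, "tunnel.1", PROBES))
```

An empty result means every probed destination egresses through the main site and only the tunnel peer uses the local internet link; dropping the /32 host route makes the audit report that the peer is only reachable through the tunnel it is supposed to establish.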