Hi All,

sorry for coming with this again, but what Kevin suggested does not work for me. :-( I tried to add the second destination network to our Juniper SSG5 policy; the result is that neither of the 2 destination networks is reachable. If I add a second Dial Up VPN policy with the same IKE tunnel settings, then in the second policy's log I see only traffic denied messages. I don't use any proxy ID in our system.

My goal would be:
- create a dial up VPN, with which we can reach 2 IP subnets: 192.168.3.0/24 on a local interface, and 192.168.39.0/24 on a tunnel interface. (this is a site-to-site tunnel between 1 SSG5)

Any help would stop me from losing more hair.

Best,
Tamas

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of kevin shrew-vpn
Sent: Tuesday, June 29, 2010 4:37 AM
To: [email protected]
Subject: Re: [vpn-help] Connect to multiple networks with one VPN connection

On Mon, 28 Jun 2010 18:37:59 +0000
Uracs Tamás <[email protected]> wrote:

> Hi Kevin,
>
> Thank You for the answer. Our luck is that the two nets are in the same
> 'trust' zone. I created a second policy, but I don't know what I did
> wrong: I can connect with only one policy at the same time. Could You
> give me a guide how to change the mask?
>

Hi Tamas,

I just thought of the reason why you can only connect to one of the VPNs at a time. In the SSG, when you create a user, by default it only allows one concurrent login with the same account. You can see this in the following image from the SSG Howto:

http://www.shrew.net/static/howto/JuniperSsg/ssg-9.jpg

It says "Number of Multiple Logins with the Same ID: 1." If you change that to 2 or more, you may find that you can connect to both VPNs at the same time.

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
