Hi folks,

I've hooked the client (version 2.2.0) up to our Juniper NS5GT, and it's 
working beautifully - except that one of my two policies isn't passing traffic.

The NS5 is connected to two locations:
1. Our office LAN, 192.168.168/24 - I can ping from the client to machines in 
this network
2. To another Juniper at another office (via a tunnel), which has a LAN which 
looks like 192.168.22/24 - this is the one that fails

My policy for (2) above is: from Untrust To Trust, 192.168.22.0/24, ANY.

I was thinking it was a policy problem at the Juniper end, but I'm confused by 
the output of tracert.  For (1) above, it is:
  1   431 ms   479 ms   519 ms  a.b.c.d.juniper.ip [a.b.c.d]
  2   527 ms   465 ms   407 ms  mymachine.network.A.local [192.168.168.5]
...which looks correct.

For (2), it is:

Tracing route to mymachine.networkB.local [192.168.22.8]
over a maximum of 10 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
(and so on, until the max hops are reached).

My Shrew client has policies of
192.168.22.0/255.255.255.0/INCLUDE
192.168.168.0/255.255.255.0/INCLUDE

So my first question is, if the client policy is set right, shouldn't it be 
hitting the Juniper as the first hop, even if the rest of it fails?
Thanks,
Geoff
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
