Re: [vpn-help] Problem with tunnel from Shrewsoft Client to Juniper NS 5GT

Tue, 18 Oct 2011 00:14:49 -0700 

Hello Kevin,
thank you! That solved my problem. It was the second thing you've mentioned. I changed the IP net of the IP pool to 192.168.1.x/24 and now it works. 

Regards, Johan

Zitat von Kevin VPN <[email protected]>:


On 10/15/2011 07:39 AM, Johan Schröder wrote:

Hello there,

I've a problem with a VPN tunnel using the Shrewsoft VPN-Client (current
windows version) and a Juniper Netscreen 5GT (OS 5.4.0.r8) on a WIndows
7 system. I've configured the client and the gateway as described at
http://www.shrew.net/support/wiki/HowtoJuniperSsg.

The tunnel established without problems and my client gets an local IP
address from the right IP Pool on the netscreen. The problem is that no
machine in the VPN LAN could be reached, not even a ping. Only a ping to
my machine and to the gateway (Netscreen) IP address is successfully.

When I try ipconfig /all, I get these values

IPv4 address . . . . . . . . . . : 192.168.0.240(Vorläufig)
Subnetmaske . . . . . . . . . . : 255.255.255.255
Default gateway . . . . . . . . . :

The IP net on the getway side is 192.168.0.0/24.

It seems to my that there could might be problem, because of the given
subnetmask (I think it should be /24 and not /32) and there is no
default gateway assigned.



Hi Johan,


First, to answer your question about the subnetmask, /32 is typical.  
What happens is that there is a point-to-point connection (the  
tunnel) made between the Shrew client and the gateway, your PC  
doesn't really get an IP on the destination network.



Second, it appears that you are having the 5GT assign an IP in a  
subnet range that overlaps the protected network, and that will not  
work.  You should reconfigure the 5GT to give out an IP in a  
different subnet than the 192.168.0.0/24 protected network.  For  
instance use 192.168.1.0/24 - remember to adjust your policies to  
use the new addresses if necessary.

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help




_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help






















					Reply via email to