Thanks for your insight.
-Dennis
-------- Original Message --------
Let me rephrase, each VPN client will be in its own /32 subnet,
i.e. one IP, but several clients/IP's can belong to an IKE. The
SSG VPN server will take care of the routing for you. But you have
to assign policies to each IKE to be able to communicate with the
remote subnet/zones, be it ping or "Any" access. Hope it makes
sense.
On 02.03.2013 21:15, Lars Vik wrote:
OK, I am just trying to understand what you are trying to
accomplish. It is from the VPN client you want to ping/access
the devices on the subnet from, right? Usually, well at least on
SSG, you have security zones, trust, dmz, untrust, etc. The VPN
clients will come from the untrust zone. You will need to use a
different subnet for the VPN clients, and add policies to allow
traffic from untrust (VPN-dialup) to (and from) the different
zones and subnets. You can set granular access on tunnels/IKE
level.
On 02.03.2013 20:17, info wrote:
For tech support
purposes I need to "see" or be able to ping all devices on
the subnet. They typically have web browser interfaces, and
plugging in 10.1.X.YY for example, will take me right there
for me to access.
-Dennis
-------- Original Message --------
Why would you want
anything but a /32 to a VPN client IP?
Sent from my iPhone
Hello All,
I just implemented the SSG HowTo, using a Juniper SSG5
and Shrew VPN Client 2.1.7, and it works as advertised
thank you. The rub is that the assigned IP address
coming from the SSG IP Pool to my PC has a subnet mask
of 255.255.255.255. I'd like it to be 255.255.0.0. I
assume this is controlled by the SSG, but don't see an
obvious setting for it. Anybody have suggestions?
Thanks,
-Dennis
_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
|
_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
