Hi Kevin,

Thanks for the response.

I kind of solved the problem. Below are some lessons I have learnt so far:

1. The IP Pool in SSG20 shall be a private address, for instance 172.16.90.1, which differs from my target private address 192.168.11.0/24.
2. When tap0 is assigned name server 192.168.11.20/192.168.11.1, I found I shall allow query from 172.16.0.0/16 and set recursion to yes in name server 192.168.11.20.

So far so good, but I am currently planning to set up another VPN user (who belongs to the same department as the previous one) to access SSG20. Should I create a new Local Identity and Remote Identity peer or just create a new Local Identity?

Many thanks for your attention.

Eric

> Date: Thu, 18 Apr 2013 23:06:57 -0400
> From: [email protected]
> To: [email protected]
> Subject: Re: [vpn-help] Shrew 2.17 on Ubuntu 12.04.2 LTS established with Juniper SSG20 but can ping nowhere
>
> On 04/18/2013 03:04 AM, eric xu wrote:
> > Hi All,
> >
> > As a new user I ran into a problem as described briefly in the caption. More
> > details are as follows:
> >
> > - Shrew Version: 2.17 compiled on Ubuntu 12.04.2 LTS 32-bit (IBM T41)
> > - Gateway: Juniper SSG20 Version: 6.2.0r5.0 (Firewall+VPN)
> > - qikea shows "Established"
> > - tap0 created but can ping nowhere into the private network
> >   (192.168.11.0/24)
> >
> > Ifconfig:
> > eth0      Link encap:Ethernet  HWaddr 00:0d:60:b2:ac:27
> >           UP BROADCAST MULTICAST  MTU:1500  Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
> >
> > eth1      Link encap:Ethernet  HWaddr 00:0c:f1:40:6e:73
> >           inet addr:117.128.171.xxx  Bcast:117.128.171.63  Mask:255.255.255.192
> >           inet6 addr: fe80::20c:f1ff:fe40:6e73/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:79181 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:69530 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:91427974 (91.4 MB)  TX bytes:6226954 (6.2 MB)
> >           Interrupt:11 Base address:0x8000 Memory:c0214000-c0214fff
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           inet6 addr: ::1/128 Scope:Host
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:1708 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:1708 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:275161 (275.1 KB)  TX bytes:275161 (275.1 KB)
> >
> > tap0      Link encap:Ethernet  HWaddr e6:00:e5:3d:d4:17
> >           inet addr:192.168.11.25  Bcast:192.168.11.25  Mask:255.255.255.255
> >           inet6 addr: fe80::e400:e5ff:fe3d:d417/64 Scope:Link
> >           UP BROADCAST RUNNING  MTU:1380  Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:500
> >           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
> >
> > route:
> >
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > default         117.128.171.1   0.0.0.0         UG    0      0        0 eth1
> > 117.128.171.0   *               255.255.255.192 U     2      0        0 eth1
> > 120.72.49.xxx   117.128.171.1   255.255.255.255 UGH   0      0        0 eth1
> > link-local      *               255.255.0.0     U     1000   0        0 eth1
> > 192.168.11.0    192.168.11.25   255.255.255.0   UG    0      0        0 tap0
> >
> >
>
> Hi Eric,
>
> Can you generate a log trace for us using the instructions below?
> Please make sure the log_level is at debug.
> https://www.shrew.net/support/VPN_Bug_Report_Unix
>
>
> _______________________________________________
> vpn-help mailing list
> [email protected]
> https://lists.shrew.net/mailman/listinfo/vpn-help
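The name-server change from the second lesson in the message above, as an added example that is not part of the original thread. It assumes the server at 192.168.11.20 runs BIND 9; the ACL names and the inclusion of the office LAN are assumptions for illustration.

```conf
// named.conf fragment for the name server at 192.168.11.20
// (assumed to be BIND 9; the ACL names are hypothetical labels).

// Range containing the addresses the SSG20 hands out to VPN clients,
// e.g. 172.16.90.1 from the message above.
acl "vpn_pool"   { 172.16.0.0/16; };

// Assumption: hosts on the protected LAN use this resolver as well.
acl "office_lan" { 192.168.11.0/24; };

options {
    // VPN clients need recursion to resolve names this server
    // is not authoritative for.
    recursion yes;

    // Answer queries only from the known networks.
    allow-query     { localhost; office_lan; vpn_pool; };

    // Recurse only for the same networks, so that enabling recursion
    // does not make the server a resolver for arbitrary sources.
    allow-recursion { localhost; office_lan; vpn_pool; };
};
```

Running `named-checkconf` against the edited file before reloading the server catches syntax errors in the ACL and options blocks.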
