INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

SSG to PIX Route based VPN

SSG to PIX Route based VPN

(OP)
Does any on know if a route based VPN can be setup between a Cisco PIX IOS 6.3 and a Juniper SSG520

RE: SSG to PIX Route based VPN

Its should be able to do a site-to-site (if thats what you're refering to as route based). I've only done checkpoint to PIX before, but I'm planning on doing a SSG to PIX in the next couple of months and was told by Juniper it wasn't a problem.

RE: SSG to PIX Route based VPN

Pix 6.35, NS5200 with multiple zones.

I did the convertion from policy based to route based but I am having problem below:

-If you have one zone with one subnet in the Netscreen vpn to one subnet on the Pix than that is no problem.

-If you have two or more zones or more than 2 subnets in the Netscren site, then I think there is problem.  The Netscreen is relying on the NHTB (next hop table binding).  I tried many times also Netscreen Tech support won't help much; I have more than three Netscreen Engineers but nobody for sure it will work.

-If some one can make route based vpn between Netsreen and PIX, with Netscreen has more than one zone, please let us know.

Thank You.

RE: SSG to PIX Route based VPN

Hi,

Are you using policy VPNs?
Routed VPNs reduce the use of CPU processing time.
I believe you should be able to do that between a Netscreen and PIX.

You just have to match the right IPSEC parameters since each equipment has different default fields configured.

Regards,

Antonio  

RE: SSG to PIX Route based VPN

You cannot do a route-based VPN between Netscreen and Cisco. You have to use policy-based VPN.

RE: SSG to PIX Route based VPN

We had problems with PIX to Netscreen VPNs route based we eventually discovered it was down to having the VPN monitor on the Netscreen stopped the phase 2 negoiation working try switching that off its on

RE: SSG to PIX Route based VPN

Hi,

I agree with Yarzie.  Try removing the VPN Monitor.  We use the VPN Monitor to help with multiple VPN's bound to the same Tunnel Interface (NHTB).  For our Cisco Pix sites, we use Policy Based VPN's.  If you have multiple zones, configure a Policy Based VPN in the zone of termination (Trust to Untrust and Untrust to Trust).

Rgds,

John

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close