Juniper SSG5 and Linksys BEFSX41 VPN

(OP)
I have established a VPN with a Linksys BEFSX41 ver2 and a Juniper box. The Linksys is on a 10.x.x.x subnet and the Juniper is on a 172.16.x.x subnet. Basically, I can ping a computer from the Linksys side to the Juniper side, but not the other way.

IE:
ping 172.16.10.x - DOES WORK
ping 10.10.10.x - DOES NOT WORK

The VPN is set up with the appropriate Local/remote addresses and settings to create the VPN. Both devices show the VPN as connected.

I can confirm that traffic is being sent from both VPN boxes from the logs. The Juniper shows the type of traffic and the number of bytes sent to the VPN tunnel. The Linksys does not show any incoming traffic on the tunnel. Obviously, the tunnel is established, otherwise I would not be able to ping anything. All firewall options on the Linksys are turned off. Do I need to add a static route?

David

RE: Juniper SSG5 and Linksys BEFSX41 VPN

Hello,

Did you configure a Route Based or Policy Based Netscreen VPN?  If you have a Route Based VPN w/ Tunnel Interfaces, you will need a static route.  If all else fails, I would try a debug on the Netscreen to see if the traffic is being encrypted via the correct tunnel.

Rgds,

John

RE: Juniper SSG5 and Linksys BEFSX41 VPN

(OP)
I created a policy based VPN. I set up a tunnel interface and bound the VPN to that tunnel. I then created the proper policies to allow access to the subnets via the trust and untrust. I have already added a static route on the Juniper for 10.10.10.0/24. The Juniper trust is 172.16.10.0/24. How would I create a static route in the BEFSX41? Basically the only options are the standard ip/subnet/gateway and port. Would the port be WAN or LAN for the BEFSX41?

RE: Juniper SSG5 and Linksys BEFSX41 VPN

Hi,

Can you paste the output from "get route" on the Netscreen?  I don't think the Linksys requires a static route.

Rgds,

John

RE: Juniper SSG5 and Linksys BEFSX41 VPN

If you created a policy based VPN, you will need to create address book entries on the Netscreen for both devices.

FROGGYJ
A+,N+,CST,CNCT,MCP
http://www.EdmontonSportRiderz.com

RE: Juniper SSG5 and Linksys BEFSX41 VPN

(OP)
I never did get a solution on this project. I created a policy based VPN on the Juniper with the appropriate entries for the following: address books, destination route, tunnel interface, untrust to trust policy, and trust to untrust policy.

The VPN was established and was reported as such by the Juniper AND the Linksys, therefore all VPN settings were correct. I do not have the "get route" information now because the Linksys is not set up, however, I can say that the information was correct and did point in the proper direction.

After about a week, I got an old Netgear FVS114 out of the drawer and with the EXACT same settings from the Linksys connected to the Juniper in under 5 min. I did not change a single setting on the Juniper. Never have liked Linksys.
