SSG-140 - DialUP-VPN, Problems accessing remote tunnel destination from mobile
wayne_juckts last edited by
My firewall itself has two active interfaces (the public interface, e.g. x.x.x.x, and the private one, 192.168.1.2/24). Furthermore, there is an active site-to-site VPN configured between the SSG and another hardware firewall device (the subnet 10.0.0.0/8 is behind the “other hardware firewall”). On the SSG there is a static route for 10.0.0.0/8, which is needed to reach the subnet from the SSG trust zone. So far so good, the mobile VPN is working so far; I am able to ping all active machines within the 192.168.1.0/24 subnet (trust).
I’ve created the DialUP-VPN setup based on these documents:
So far so good, but now comes the problem. I want to access addresses within 10.0.0.0/8 from the dialup VPN client. Therefore I’ve duplicated the policy for the 192.168.1.0/24 network. Traffic from the mobile client initiates the VPN, and it’s successfully established. For accessing another remote subnet at the same time I’ve followed these instructions: http://forums.cabling-design.com/vpn/Static-route-through-Netscreen-Remote-can-it-be-done-485-.htm
Well, traffic to 10.0.0.0/8 also initiates the VPN, and it’s also successfully established. But the traffic to 10.0.0.0/8 is denied by the newly created policy. I’ve attached an image.
I have no clue why the policy denies traffic to 10.0.0.0/8.
Any help is appreciated.