NetScreen-Remote VPN Client Software to NS-5GT with static IP



  • I have the vpn tunnel up and working from the client laptop to the NS-5GT but when connected to the vpn I am unable to access the internet due to the connection trying to use the current LAN tcp/ip settings.  I have read that there is some way to have the netscreen assign a virtual interface for the remote / dialup user (basically some DHCP settings just for the VPN connection) but have not seen any documentation on how to set this up.
    Any help would be greatly appreciated.  A walk through such as the one just posted regarding a netscreen to netscreen vpn connection setup but for remote software to netscreen with the use of a virtual interface would be a great too.  Could be a good “sticky” for the community here.
    Thanks for the help in advance. :mrgreen:



  • Ok thanks for the point in the right direction.  Now i can get connected to the vpn tunnel using xauth and get a virtual interface.  Still cant access the internet while connected tough. Here is some additional info
    5GT LAN IP= 192.168.1.1
    IP Pool assigned to xauth = 192.168.5.1 - 192.168.5.10
    Policy Created (untrust to trust)= Dial-Up VPN –> 192.168.1.0/24

    When I get an IP address for the virtual interface I get 192.168.5.1 but the subnet mask is listed as 255.255.255.255
    I can access webpages via IP address while connected to the VPN and If I change my ethernet connections dns to the dns that is assigned by xauth I am able to connect to webpages.

    Any help would be great. :mrgreen:



  • Florent is right. It’s well documented. Please check either the Juniper KB or the documentation for ScreenOS. Here is a link to one of the articles on the Juniper KB:

    http://kb.juniper.net/CUSTOMERSERVICE/index?page=kbdetail&record_id=0244022611e8310108012c3c19019a2

    regards


  • Engineer

    Configure xauth and use IPpool. THis is basic config which is already well documented


 

38
Online

38.4k
Users

12.7k
Topics

44.5k
Posts