NetScreen-Remote VPN Client Software to NS-5GT with static IP

  • I have the vpn tunnel up and working from the client laptop to the NS-5GT but when connected to the vpn I am unable to access the internet due to the connection trying to use the current LAN tcp/ip settings.  I have read that there is some way to have the netscreen assign a virtual interface for the remote / dialup user (basically some DHCP settings just for the VPN connection) but have not seen any documentation on how to set this up.
    Any help would be greatly appreciated.  A walk through such as the one just posted regarding a netscreen to netscreen vpn connection setup but for remote software to netscreen with the use of a virtual interface would be a great too.  Could be a good “sticky” for the community here.
    Thanks for the help in advance. :mrgreen:

  • Ok thanks for the point in the right direction.  Now i can get connected to the vpn tunnel using xauth and get a virtual interface.  Still cant access the internet while connected tough. Here is some additional info
    5GT LAN IP=
    IP Pool assigned to xauth = -
    Policy Created (untrust to trust)= Dial-Up VPN –>

    When I get an IP address for the virtual interface I get but the subnet mask is listed as
    I can access webpages via IP address while connected to the VPN and If I change my ethernet connections dns to the dns that is assigned by xauth I am able to connect to webpages.

    Any help would be great. :mrgreen:

  • Florent is right. It’s well documented. Please check either the Juniper KB or the documentation for ScreenOS. Here is a link to one of the articles on the Juniper KB:


  • Engineer

    Configure xauth and use IPpool. THis is basic config which is already well documented