Dial-Up VPN how to add access to subnet?
Hi guys, please forgive me if the terminology I use is incorrect. Not very experienced with the SSG.
I created a Dial-Up VPN connection as per:
Using the latest Shrew Soft client in Windows 7.
And have it working, I can access everything in my 10.0.0.0 and ping remote servers; I would like to also be able to ping/connect to server in my 172.1.x.x range.
How would I go about adding permission for this?
It doesn't allow me to add multiple addresses on the main bi-directional VPN policy I created for 10.0.0.0.
I created a second policy Untrust to Trust bi-directional for 172.16 but it doesn't seem to work that way.
Any help is appreciated.
That’s good to hear!
By the way… here is one short “how-to”: http://www.corelan.be:8800/index.php/2009/01/22/juniper-netscreen-remote-dial-up-vpn-with-ad-radius-authentication-and-route-based-vpn-tunnel-interface/
Managed to get Radius working by changing auth in autokey advanced/gateway.
Thanks again for your help!
Thanks so much man; works like a charm. I must have made an error first time through the policy setup.
If I may ask you another question:
If I would like this dial-up VPN setup I just created to use our internal RADIUS server for XAuth, where would I make the change?
Again, thanks, your help is much appreciated.
Thanks for the heads up! Greatly appreciated.
I’ll try this when out of the office and let you know how it goes.
1. Create 2 policies for each network (http://kb.juniper.net/index?page=content&id=KB12959&actp=LIST).
From untrust (dialup) to trust to your 192.168.1.0/24
From untrust (dialup) to trust to your 192.168.5.0/24
2. Open your Shrew Soft VPN Access Manager. Under VPN Site Configuration you will find the tab “Policy/IPsec policy configuration”. Define both remote network resources.
I tested this on SSG20 and it’s working. Good luck.
Thanks for the reply; just making sure I understand you correctly.
I simply create another dial-up policy in my rules list similar to the one I have set up for the existing network?
I.e. from Untrust (dialup) to Trust.
If this is the case I must have made a mistake previously because I thought I tried this.
Thanks once again.
On the SSG device create two dial-up policies for each subnet/zone.
Add a rule entry in the Shrew VPN site manager (tab Policy) for each subnet you want to have access to.