Netscreen Remote 7.0.3

Hi guys, just wondered if someone may be able to help me.

I have a remote site in Scotland with 2 users. Both users currently use NetScreen Remote with their own security policy. However, when they both try to connect into the office at the same time, only 1 of them can.

It seems like the firewall lets them in but doesn't know which of them to return the information to, I guess this has something to do with them both coming from the same Net Facing IP address or something.

Example:-

User 1 pings the office and gets a response. Then User 2 pings the office and gets a response, but then User 1 loses his/her connection.

If they run "ping 192.168.1.254 -t" they get the response:

Reply from 192.168.1.254: bytes=32 time

Dave Sunter

Current version is somewhere north of 10.0, so I recommend an update first.

What is the firewall in front of them? It has to understand how to NAT IPSec or it won't work.

There are also ways to configure the VPN so that only one user can use it; to avoid them, define 2 separate tunnels with different users attached to each one, with separate policies for each. (There are other ways, but this is the simplest.)

-Russ.


Hi Russ,

They are using a 2wire Router from BT. Not sure if there is a setting in the Firewall on this for IPSEC, I'll check. Also they are already using 2 separate policies, but you may have stumbled on to something with the Firewall at their side.

Cheers

Dave.


That's likely your problem then. Look for a setting like "enable VPN passthrough"; that might be the setting that fixes it. Failing anything like that, you're probably out of luck with that box. Most newer low-end routers can handle this though, just replace it with a Linksys or D-Link or similar ilk.

A better option of course would be to put a NetScreen 5GT or a FortiGate 50A in, and set up a site-to-site tunnel with the NS10. Then you have better control of the tunnel, and additional/different machines can be easily supported.

-Russ.
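
One possible explanation of the symptom, consistent with the NAT suggestion above, modelled as an added example (not part of any post, and not the 2Wire router's actual logic): a NAT forwarding raw ESP can only key the return path on the gateway address, so the last client to send takes over, while UDP-encapsulated ESP (NAT traversal on UDP 4500) gets a per-client port mapping. The `Nat` class and all addresses are constructed for illustration.

```python
# Simplified model (an assumption, not any vendor's implementation) of a
# home NAT forwarding IPsec traffic from two LAN clients to one VPN gateway.

class Nat:
    def __init__(self):
        self.esp_owner = {}    # gateway IP -> LAN host (ESP has no ports)
        self.udp_map = {}      # public UDP port -> (LAN host, LAN port)
        self.next_port = 40000

    def outbound_esp(self, lan_host, gateway):
        # Raw ESP (IP protocol 50): only the source IP can be rewritten,
        # so the return path can be keyed on nothing but the gateway IP.
        self.esp_owner[gateway] = lan_host

    def inbound_esp(self, gateway):
        return self.esp_owner.get(gateway)

    def outbound_udp(self, lan_host, lan_port):
        # UDP-encapsulated ESP: ordinary port translation gives each
        # client its own public source port.
        for public, inside in self.udp_map.items():
            if inside == (lan_host, lan_port):
                return public
        public = self.next_port
        self.next_port += 1
        self.udp_map[public] = (lan_host, lan_port)
        return public

    def inbound_udp(self, public_port):
        entry = self.udp_map.get(public_port)
        return entry[0] if entry else None


def simulate():
    gw = "203.0.113.10"                      # constructed gateway address
    user1, user2 = "10.0.0.11", "10.0.0.12"  # constructed LAN addresses
    nat = Nat()
    nat.outbound_esp(user1, gw)
    first = nat.inbound_esp(gw)   # reply reaches user 1
    nat.outbound_esp(user2, gw)
    after = nat.inbound_esp(gw)   # user 1's replies now go to user 2
    p1 = nat.outbound_udp(user1, 4500)
    p2 = nat.outbound_udp(user2, 4500)
    return {"esp_first": first, "esp_after": after,
            "udp_user1": nat.inbound_udp(p1), "udp_user2": nat.inbound_udp(p2)}

if __name__ == "__main__":
    print(simulate())
```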
