Hi All,
I configured Dyn VPN and I can connect to my local resources, but I cannot access the resources on the remote VPN site.
I have two VPN sites: site A (172.16.4.0/24) and site B (10.36.4.0/24), both connected using route based policy. Clients (which get an IP from the 192.168.239.0/24 pool) can connect to site A using Dyn VPN; however, they cannot access VPN site B. I added both sites as protected resources for both site A and site B in the dynamic VPN configuration. I have only two security zones in my Juniper box (internal and internet).
In the flow logs I can see these, but it looks like I need to create a policy from Internet to Internet?
Feb 5 03:46:35 03:46:35.403799:CID-0:RT:Doing DESTINATION addr route-lookup
Feb 5 03:46:35 03:46:35.403799:CID-0:RT: routed (x_dst_ip 10.36.4.40) from Internet (ge-0/0/0.0 in 0) to st0.7, Next-hop: 10.36.4.40
Feb 5 03:46:35 03:46:35.403799:CID-0:RT:flow_first_policy_search: policy search from zone Internet-> zone Internet (0x0,0xd3240016,0x16)
Feb 5 03:46:35 03:46:35.403799:CID-0:RT:Policy lkup: vsys 0 zone(7:Internet) -> zone(7:Internet) scope:0
Feb 5 03:46:35 03:46:35.403799:CID-0:RT: 192.168.239.3/54052 -> 10.36.4.40/22 proto 6
Feb 5 03:46:35 03:46:35.403799:CID-0:RT:Policy lkup: vsys 0 zone(5:Unknown) -> zone(5:Unknown) scope:0
Feb 5 03:46:35 03:46:35.403799:CID-0:RT: 192.168.239.3/54052 -> 10.36.4.40/22 proto 6
Feb 5 03:46:35 03:46:35.403799:CID-0:RT: app 22, timeout 1800s, curr ageout 20s
Feb 5 03:46:35 03:46:35.403799:CID-0:RT: packet dropped, denied by policy
Feb 5 03:46:35 03:46:35.403799:CID-0:RT: denied by policy default-policy-00(2), dropping pkt
Feb 5 03:46:35 03:46:35.403799:CID-0:RT: packet dropped, policy deny.
Feb 5 03:46:35 03:46:35.403799:CID-0:RT: flow find session returns error.
Feb 5 03:46:35 03:46:35.403799:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x50a4ee38 associated with mbuf 0x43568480
Feb 5 03:46:35 03:46:35.403799:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc 0)
Feb 5 03:46:37 03:46:37.204307:CID-0:RT:jsf sess close notify
Feb 5 03:46:37 03:46:37.204307:CID-0:RT:flow_ipv4_del_flow: sess 388946, in hash 32
I would like to know what I am missing.
Thanks