vSRX

Expand all | Collapse all

Dynamic VPN - Cannot access protected resources

Jump to Best Answer
  • 1.  Dynamic VPN - Cannot access protected resources

    Posted 04-14-2017 15:53

    Hello, 

    I think I may be missing something here, I have gone over the documentation for the dynamic vpn and am able to connect with the pulse client, however I cannot access any protected resources I specify. It seems to me that the traffic is going through a "Untrust to Untrust" zone, which I have allowed and is being allowed through that zone, however it seems I never get any return traffic. 

     

    Right now on the srx I have a public interface on ge-0/0/0 with a ip address in a /30 subnet, the vpn addresses are setup on a irb (vlan 2) which is a /24 of public addresses. I'm wondering if this is a issues with the return path but not sure because on the device I am trying to ping (172.21.2.2) I can ping ip addresses in the vlan (eg 45.17.139.1). The routing to the vlan subnet on the device that provides the route for this subnet routes requests to these addresses to the ip of my external interface, eg request for 45.17.139.1 routes to 45.27.153.57. This might all be totally wrong, I'm really not sure this is my first time using a srx and I am really trying to figure it out. Also I may have added some unecessisary things in the configuration in the security policies (allowing multiple policies to the tunnel), and the nat (proxy-arp).

     

    Additionally when I ssh into the srx I can ping 172.21.2.2, and when I plugin to one of the interfaces that gives DHCP I can ping 172.21.2.2 as  well. I have attached my configuration and a log of me trying to ping 172.21.2.2, Any help at all would be greatly appreciated. Thank you!

     

    Attachment(s)

    txt
    log.txt   16K 1 version
    txt
    srxconfig.txt   16K 1 version


  • 2.  RE: Dynamic VPN - Cannot access protected resources
    Best Answer

    Posted 04-14-2017 15:54

    Ugh, I just realized I totally posted in the wrong section.

     

    Sorry!