Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  site to site tunneling ( scenario)

    Posted 04-26-2009 06:35

    Hi,

    I have two clustered servers set in the trust zone behind an SSG140, and I have another server in a remote location hosted by the ISP. Currently there is no connection to that site except the internet, so I configured a tunnel interface and bound it to (untrust-tun) with encp=GRE; the source is ethernet0/2 and the destination is the router provided by the ISP. I also asked the ISP to configure the same on their (router-firewall) as I did: a tunnel interface plus source and destination. From the firewall I can reach the ISP router + tunnel interface and the server, but from the trust zone I am unable to reach any of those.

    Anything missing in the above scenario?



  • 2.  RE: site to site tunneling ( scenario)

    Posted 04-26-2009 14:18
    The Concepts and Examples states that the tunnel interface and the endpoint you configure must be in the same zone, I think I remember. So try to place the tunnel int in the trust zone. Anyway, I would prefer an IPsec tunnel because GRE doesn't do any encryption!
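
    What "GRE doesn't do any encryption" looks like on the wire, as an added example that is not part of the original thread: the sketch wraps a constructed inner IPv4 packet in a GRE header (RFC 2784, with the optional RFC 2890 key) and then reads the inner addresses and payload straight back out, as any on-path capture could. The addresses, key value and payload are made up for illustration.

```python
import ipaddress
import struct

GRE_PROTO_IPV4 = 0x0800  # EtherType carried in the GRE Protocol Type field

def build_inner_ipv4(src, dst, payload):
    """Minimal IPv4 header (checksum left at 0) plus an opaque payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, 253, 0,  # TTL 64, protocol 253 (experimental)
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def gre_encapsulate(inner, key=None):
    """GRE header per RFC 2784, with the optional RFC 2890 key field."""
    flags = 0x2000 if key is not None else 0
    header = struct.pack("!HH", flags, GRE_PROTO_IPV4)
    if key is not None:
        header += struct.pack("!I", key)
    return header + inner

def gre_inspect(packet):
    """What any on-path observer can read from a captured GRE packet."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4
    # Checksum (C), key (K) and sequence (S) fields are 4 bytes each when present.
    for bit in (0x8000, 0x2000, 0x1000):
        if flags & bit:
            offset += 4
    if proto != GRE_PROTO_IPV4 or len(packet) < offset + 20:
        raise ValueError("not a complete GRE/IPv4 packet")
    inner = packet[offset:]
    ihl = (inner[0] & 0x0F) * 4  # inner IPv4 header length in bytes
    return {
        "src": str(ipaddress.IPv4Address(inner[12:16])),
        "dst": str(ipaddress.IPv4Address(inner[16:20])),
        "payload": inner[ihl:],
    }

# Constructed sample: addresses, key and payload are made up for this example.
SAMPLE = gre_encapsulate(
    build_inner_ipv4("192.168.1.10", "10.20.30.40", b"cleartext application data"),
    key=7)

if __name__ == "__main__":
    print(gre_inspect(SAMPLE))
```

    The GRE key is only a demultiplexing label; it gives no confidentiality or integrity, which is why the reply above prefers IPsec.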


  • 3.  RE: site to site tunneling ( scenario)

    Posted 04-27-2009 01:10
    What if the two sites have the same IP range? Does the above scenario work, or do you need to have a different IP range and keep them in the trust zone?


  • 4.  RE: site to site tunneling ( scenario)

    Posted 04-27-2009 08:34
    If both remote ends have the same IP then it's definitely not going to work. You can either opt for NATing or change the IP addresses on one side.


  • 5.  RE: site to site tunneling ( scenario)
    Best Answer

    Posted 05-10-2009 03:18
    I found it, it's working for me now.