Netscreen VPN tunnel with NAT feature not working

Posted on 2003-03-13
Last Modified: 2013-11-16
Hi geeks,

I established a VPN tunnel between a Netscreen25 and a Cisco VPN concentrator; anybody who needs the configuration parameters can contact me.

Problem:

              FW / VPN
                  ----------      -----------      
Internet -----|Netscreen|-----|Mail Server
              ----------      -----------      
             |           192.168.2.2 :----private IP is NAT translation
                                                at Netscreen
                   |    
                 --|--
                 |LAN|
                  ---

* Netscreen Public IP--200.10.1.1, Mail Server Global registered IP--200.10.1.2
* Mail server is NAT translated to global IP 200.10.1.2 at Netscreen.
* VPN Tunnel starts from same Netscreen public interface.
* I am not able to reach the mail server on its global IP through the VPN tunnel, while it works if we configure for the private IP.

Dear techie colleagues, your answer will help in setting up the VPN, which has been holding me up for a long time.

Thanks and best wishes
sudhi
Question by:hnsudhi1
5 Comments
 

Author Comment

by:hnsudhi1
ID: 8134286
This is the correct diagram, hope it comes out properly
   
                 FW / VPN
Internet -----|Netscreen|-----|Mail Server
                   |             192.168.2.2 :----    
                                    private IP is NAT
                                 translation at Netscreen
                   |    
                 --|--
                 |LAN|
                  ---

Accepted Solution

by:
WalkaboutTigger earned 300 total points
ID: 8134374
Assumptions based upon your post:

So, 200.10.1.2 is statically NAT'd to 192.168.2.2
The NetScreen's outside IP is 200.10.1.1
The NetScreen's DMZ IP is 192.168.2.1
The default gateway of the mail server is 192.168.1.1
The machine you are trying to VPN from is not on the same IP network as the DMZ of the NetScreen (it isn't on 192.168.2.0/24).
The mail server is on the DMZ port (based upon drawing).

Am I right so far?

Walkabout

Expert Comment

by:CleanupPing
ID: 9153114
hnsudhi1:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.

Expert Comment

by:juliancrawford
ID: 10027229
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: WalkaboutTigger {http:#8134374}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Julian Crawford
EE Cleanup Volunteer