Solved

Netscreen VPN tunnel with NAT feature not working

Posted on 2003-03-13
Last Modified: 2013-11-16
Hi geeks,

I established a VPN tunnel between a Netscreen25 and a Cisco VPN concentrator; anybody who needs the configuration parameters can contact me.

Problem:

              FW / VPN
                  ----------      -----------      
Internet -----|Netscreen|-----|Mail Server
              ----------      -----------      
             |           192.168.2.2 :----private IP is NAT translation
                                                at Netscreen
                   |    
                 --|--
                 |LAN|
                  ---

* Netscreen Public IP--200.10.1.1, Mail Server Global registered IP--200.10.1.2
* Mail server is NAT translated to global IP 200.10.1.2 at Netscreen.
* VPN Tunnel starts from same Netscreen public interface.
* I am not able to reach the mail server on its global IP through the VPN tunnel, while it works if we configure for the private IP.

Dear techie colleagues, your answer will help in setting up the VPN, which has been holding me up for a long time.

Thanks and best wishes
sudhi
Question by:hnsudhi1
4 Comments
 

Author Comment

by:hnsudhi1
ID: 8134286
This is the correct diagram; hope it comes out properly.
   
                 FW / VPN
Internet -----|Netscreen|-----|Mail Server
                   |             192.168.2.2 :----    
                                    private IP is NAT
                                 translation at Netscreen
                   |    
                 --|--
                 |LAN|
                  ---
0
 
LVL 15

Accepted Solution

by:
WalkaboutTigger earned 300 total points
ID: 8134374
Assumptions based upon your post:

So, 200.10.1.2 is statically NAT'd to 192.168.2.2
The NetScreen's outside IP is 200.10.1.1
The NetScreen's DMZ IP is 192.168.2.1
The default gateway of the mail server is 192.168.1.1
The machine you are trying to VPN from is not on the same IP network as the DMZ of the NetScreen (it isn't on 192.168.2.0/24).
The mail server is on the DMZ port (based upon drawing).

Am I right so far?

Walkabout
0
 

Expert Comment

by:CleanupPing
ID: 9153114
hnsudhi1:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 10027229
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: WalkaboutTigger {http:#8134374}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Julian Crawford
EE Cleanup Volunteer
0

Question has a verified solution.
