Set Up SSG-5 VPN for remote/remote subnet
Posted on 2007-11-20
I have an SSG-5 site-to-site VPN set up on a local subnet - the other end is an RV042.
Now I need to modify the VPN local endpoint to be another subnet while keeping the interface on the current subnet. Like this:
The current SSG-5 interface on the local subnet is 192.168.2.2.
The destination subnet for packets coming through the VPN will be 192.168.1.0/24.
So, the VPN must be terminated with that subnet - that is well known.
There is a local router at 192.168.2.99 that will send the packets on to 192.168.1.0/24.
So, I need to make these changes:
1) Terminate the tunnel at the SSG-5 end with 192.168.1.0/24 (keeping the router LAN physical address at 192.168.2.2).
2) Route packets destined for 192.168.1.0/24 to 192.168.2.99.
Which things should I be thinking about changing in the SSG-5? I know what to do with the RV042 settings at the other end of the VPN. I'm still a bit confused about the relationship between "address list, objects, policies, etc." in the Juniper Networks box. Maybe a brief description of their roles in the scheme of things would help!