Solved

multiple address are not supported at current stage for bidirectional vpn policy

Posted on 2010-09-17
7
1,785 Views
Last Modified: 2013-11-16

 is there a way that i can create multiple services for bidirectional vpn policy in netscreen?
0
Comment
Question by:ragot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 33707820
You would have to make your question more specific. but in short yes you can.
0
 

Author Comment

by:ragot
ID: 33708398
sangamc : how? im using netscreen 25 firewall
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 33709018
when logged in on the web interface. go to the policies section and click on 'edit' link for the bi directional VPN policy. In the section where you can specify service, click on multiple and add all the different services you would like to allow. You will need to do this for each direction of the VPN. in some cases i allow a completely different set of outgoing services like DNS, SMTP and HTTP than for the incoming services like HTTPS, RDP VNC

hope this helps
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 

Author Comment

by:ragot
ID: 33710168
thanks sangamc : i already did that and i got the error which i posted as subject here. i have a bi directional vpn policy for untrust-trust and vice versa. hope you can give me a solution for it thanks a lot
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 33712557
That is very strange if you already did the config as I described. If you set the VPN services to 'Any' on both incoming and outgoing policies, and enable logging on session close you should be able to see if traffic is indeed going through the VPN.

You might have a problem elsewhere so this will help track it down
0
 

Author Comment

by:ragot
ID: 33713380
yes the traffic is indeed going through the VPN, can i disable first the bi-directional vpn on trust-untrust and try to edit the bi-directional policy on untrust-trust first? then enable back the other one and edit it
0
 

Accepted Solution

by:
ragot earned 0 total points
ID: 33785379
it works when i unchecked modify matching bi directional policy
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question