ragot
multiple address are not supported at current stage for bidirectional vpn policy
Is there a way that I can create multiple services for a bidirectional VPN policy in NetScreen?
You would have to make your question more specific, but in short, yes you can.
ASKER
sangamc: How? I'm using a NetScreen 25 firewall.
When logged in on the web interface, go to the policies section and click on the 'edit' link for the bidirectional VPN policy. In the section where you can specify service, click on multiple and add all the different services you would like to allow. You will need to do this for each direction of the VPN. In some cases I allow a completely different set of outgoing services like DNS, SMTP and HTTP than for the incoming services like HTTPS, RDP, VNC.
Hope this helps.
ASKER
Thanks sangamc: I already did that and I got the error which I posted as the subject here. I have a bidirectional VPN policy for untrust-trust and vice versa. Hope you can give me a solution for it. Thanks a lot.
That is very strange if you already did the config as I described. If you set the VPN services to 'Any' on both incoming and outgoing policies, and enable logging on session close, you should be able to see if traffic is indeed going through the VPN.
You might have a problem elsewhere, so this will help track it down.
ASKER
Yes, the traffic is indeed going through the VPN. Can I first disable the bidirectional VPN on trust-untrust and try to edit the bidirectional policy on untrust-trust first? Then enable back the other one and edit it.