ragot

multiple address are not supported at current stage for bidirectional vpn policy


Is there a way that I can create multiple services for a bidirectional VPN policy in NetScreen?
Sanga Collins

You would have to make your question more specific, but in short, yes you can.
ragot (ASKER)

sangamc: how? I'm using a NetScreen 25 firewall.

When logged in on the web interface, go to the policies section and click on the 'edit' link for the bidirectional VPN policy. In the section where you can specify service, click on multiple and add all the different services you would like to allow. You will need to do this for each direction of the VPN. In some cases I allow a completely different set of outgoing services like DNS, SMTP and HTTP than for the incoming services like HTTPS, RDP, VNC.

Hope this helps.
ragot (ASKER)

Thanks sangamc: I already did that and I got the error which I posted as the subject here. I have a bidirectional VPN policy for untrust-trust and vice versa. Hope you can give me a solution for it. Thanks a lot.

That is very strange if you already did the config as I described. If you set the VPN services to 'Any' on both incoming and outgoing policies, and enable logging on session close, you should be able to see if traffic is indeed going through the VPN.

You might have a problem elsewhere, so this will help track it down.
ragot (ASKER)

Yes, the traffic is indeed going through the VPN. Can I first disable the bidirectional VPN on trust-untrust and try to edit the bidirectional policy on untrust-trust first? Then enable the other one again and edit it?
ASKER CERTIFIED SOLUTION
ragot