?
Solved

Remote clients VPN connect to Juniper Router but cannot access 2nd site through Site VPN

Posted on 2012-03-29
7
Medium Priority
?
703 Views
Last Modified: 2012-10-23
Hello All

My issue is withis some new Juniper SSG 140 that were installed and reccomended by our Telecoms persons.We are not that familiar with the junipers

We have 2 sites both with these routers . There is a site to site VPN setup between the routers
We have remote clients that use dialup VPN to the routers to get on respective networks but they cannot access the other site through the site to site VPN.

Client A connects to Router A and can access local site A but cannot access Site B though Site VPN
Client B connects to Router B and can access local site B but cannot access Site B though Site VPN

If client A is local on site A network then can access Site B without problem


Can any one reccomend some good guides to familiarise myself with possible issues for this situation

Regards

Chris
0
Comment
Question by:JackShuker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 37782143
When users connect with dial in VPN. Do they get an ip that is different from site A LAN?

If so then site B needs a route statement pointing back to site A VPN tunnel referencing the ip block assigned to remote VPN users.

For example I have a sonic wall VPN at my corp site. With ip 192.168.200.1/24 my corp LAN is 192.168.16.1/24. At site B I have a separate route statement for each network pointing to the tunnel that my VPN is bound to
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 37782358
It's a routing issue. Make sure you assign a UNIQUE address pool to the dial-up clients from either gateway. Then configure the routing accordingly.
Off course use a decent VPN client in the first place as it can screw things up as well. What client are you using?
0
 

Author Comment

by:JackShuker
ID: 37782578
I think both comments sound correct

The Dialup client is Shrew Soft VPN it connects and gets given the same address pool when connecting to either sites router . I guess this would confuse routing.

Also there has not been a static route added to send traffic back to either Dialup in the other site - this links back to first point.

I thought about the above two points but presumed that the Junipers dealt with the routing in some other way as it was using the firewall and maybe dynamic updates of which clients were connected. I assumed the thridy party had set up correctly as they supposedly knew the router well

I will make some changes tonight and test
0
Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

 
LVL 4

Expert Comment

by:Allvirtual
ID: 37782898
Good. Also I suggest a professional IPsec VPN client such as the Juniper recommended NCP Juniper Edition client (www.ncp-e.com).
0
 

Accepted Solution

by:
JackShuker earned 0 total points
ID: 37785011
Hello

I have changed the ip pool for one of the sites dialup users - different subnet to the pool used by the other router
I have added a static IP on site B router to send traffic down the site to site VPN for any address on the new dialup subnet
I have checked that within the shrewsoft VPN client that the policy for remote network resource lists the other sites subnet.

Still I am not able to connect through.
Can any body seuggest a setup document for this , it must be fairly common setup
Dialup VPN --- SITE A ----VPN ------SITE B
I am wandering there router firewall or policys are getting in the way

Chris
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 37785119
Try the NCP client. It is 30 days free unlimited trial. Also you can contact their technical support during that time free of charge: helpdesk@ncp-e.com. Make sure you uninstall and remove the Shrew client before installing the NCP Juniper client.
0
 

Author Closing Comment

by:JackShuker
ID: 38524903
None of the other answers were relevant enough and I carried on with my own plan
0

Featured Post

WordPress Tutorial 3: Plugins, Themes, and Widgets

The three most common changes you will make to your website involve the look (themes), the functionality (plugins), and modular elements (widgets).

In this article we will briefly define each again, and give you directions on how to install them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Make the most of your online learning experience.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question