About c_boyer_

c_boyer_ · ‎05-28-2009

When I try to do a tracert to the required gateway, I can't get passed the default DNS/DHCP address. Is there some way to create a route to Network B's gateway so that traffic can get out that gateway? Thanks Channing

c_boyer_ · ‎05-27-2009

Here is a screenshot of our Spit-Tunneling Policy. We have a realm called HQ which is our corporate roles, and ccs which is the secondary network roles. HQ only goes to the corporate policy and ccs only goes to the other network. I hope this makes sense. Also, attached is a TCP dump that I ran yesterday while testing. Thank you, Message Edited by c_boyer on 05-27-2009 06:43 AM

c_boyer_ · ‎05-26-2009

John, I have attached a couple of logs. The policy trace log may only show that I was authenticated as the correct policy. To clarify, I am not having an issue creating a VPN connection to Network B. What I am having issue with is; getting the traffic to go out the other Network B's gateway. It is wanting to go back through Network A. Is there maybe a way to have the Network B realm use Network B's gateway info? Thanks Channing

c_boyer_ · ‎05-22-2009

Ok, here is some background: - We are running a cluster of SA4500's, which is using a 192.168.70.x subnet. - We have two networks with their own dedicated internet circuits. Network "A" is our main corporate network and Network B is a blackbox network. - We are using Juniper to sit between network A and B. We have it configured to allow corporate traffic to flow in and out A's internet circuit, while B's traffic flows out the other internet circuit. -We also have two realms configured to seperate the rules. We have a realm that is tied to the corporate network which is pretty much open. The second realm goes to Network B and uses SVW and uses address pools for two different types of roles. - We have a small handfull of users that use one address pool, and everyone else that logs into this realm another. - Our issue is that we need this the packets from this realm to go out Network B's internet circuit. We have a static route setup on the Juniper appliance that points to this network, and a Split-Tunneling Policy route was also set up. This was working for a time, however, we are no longer able to access a utility that we need to from Network B. As far as I can tell, nothing has changed on the Juniper appliance's or Network B's firewall configurations. Any help is greatly appreciated. Channing

c_boyer_ · ‎04-29-2009

Sorry for the late response. This issue was resolved by adding a Split Tunneling Policy to that network. Once that was created, we were able to connect to the vendor's site. Thanks Channing

c_boyer_ · ‎04-21-2009

I will try and break this down as concise as possible: 1. Two realms are configured. One for corprate access; the other for special access. 2. The corprate network resides on one network, the special resides in another. 3. Juniper is configured to be the firewall for VPN access. All traffic for the corprate goes in and out through one internet connection (DS3), while the special is going out a different internet connection (T1). 4. Two realms are created abc.xyz.com for the corprate; def.xyz.com for the special. 5. One one is logged on the special def.xyz.com, traffic needs to look like it is coming from the T1 connection. All corprate traffic needs to look like it is coming from the DS3 connection. 6. Right now, all traffic is looking like it is coming from the DS3 connection. Juniper will not allow me to create an interal static route using the special networks gateway address. 7. We only have the internal network ports configured. I hope I have provided enough info. Thanks Channing

Re: Packet Forwarding between networks

Re: Packet Forwarding between networks

Re: Packet Forwarding between networks

Packet Forwarding between networks

Re: Special Routing configuration

Special Routing configuration