Hi, I have a Netscreen 5GT. It was set up on the network as the main gateway, and had VPN configured and working. Recently, I switched routers (to one that could support dual WAN), changed Internet providers and changed the internal subnet (running out of IPs). I could not manage to get VPN working with the new router (NetGear FVS538), so I tried to reconnect the Netscreen as a secondary router just for VPN. (Actually, I set up the mail server to go through it as well, but that's not important.) Using the same settings that were already on the router, but changing the relevant areas (subnets, network information), I can still connect to the VPN (authenticate and join the network). I cannot actually see the office network though. I can ping the Netscreen using its internal IP (10.10.1.2), but I can't ping any other computers on the network. I've reconfigured the VPN settings about 10 times or more by now, following the examples and documentation I could find, but I still can't get any traffic through to the office network. One thing that strikes me as odd is that when I do an IP Config on the client, it doesn't get assigned a Gateway. The IP and DNS are correctly assigned, but the gateway field is blank. I will post a copy of my router conf file below so you can see all the settings. I would really appreciate it if someone could shed some light on this. Also, if I should be asking this somewhere else, please let me know. Thanks. Note, I've changed my real WAN IP to xxx.xxx.xxx.xxx. Also, I have a secondary IP of 192.... assigned to the trust NIC. This is because I still have some printers on the network on the old 192 subnet.
ROUTER FILE
-----------------------------------------
set clock ntp
set clock timezone -5
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set service "RWW" protocol tcp src-port 0-65535 dst-port 4125-4125
set service "RWW" + udp src-port 0-65535 dst-port 4125-4125
set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389
set service "RDP" + udp src-port 0-65535 dst-port 3389-3389
set service "CommerceWorx" protocol tcp src-port 5631-5631 dst-port 21-21
set service "CommerceWorx" + tcp src-port 5632-5632 dst-port 20-20
set service "CommerceWorx" + udp src-port 5631-5631 dst-port 21-21
set service "CommerceWorx" + udp src-port 5632-5632 dst-port 20-20
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "netscreen"
set admin password "************************"
set admin port 8080
set admin scs password disable username netscreen
set admin auth timeout 45
set admin auth server "Local"
set admin privilege read-write
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 10.10.0.0/16
set interface trust nat
set interface trust ip 192.168.1.2 255.255.255.0 secondary
set interface untrust ip xxx.xxx.xxx.xxx/32
set interface untrust route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust manage-ip 10.10.1.2
set interface trust ip manageable
set interface untrust ip manageable
set interface untrust manage ping
set interface untrust manage web
set interface "untrust" mip xxx.xxx.xxx.xxx host 10.10.1.14 netmask 255.255.255.255 vrouter "trust-vr"
set flow tcp-mss 1392
set flow all-tcp-mss 1304
set hostname ns5gt
set dns host dns1 207.164.234.193
set dns host dns2 207.164.234.129
set address "Trust" "LAN" 10.10.0.0 255.255.0.0
set address "Untrust" "update.microsoft.com" update.microsoft.com
set address "Untrust" "www.microsoft.com" www.microsoft.com
set ippool "l2-pool" 10.10.10.100 10.10.10.250
set user "test" uid 21
set user "test" type l2tp
set user "test" password "123"
unset user "test" type auth
set user "test" "enable"
set ike respond-bad-spi 1
set xauth default auth server Local chap
set l2tp default dns1 10.10.1.11
set l2tp default dns2 10.10.1.14
set l2tp default ippool "l2-pool"
set l2tp default ppp-auth chap
set l2tp "l2-tunnel" id 2 outgoing-interface untrust keepalive 60
set l2tp "l2-tunnel" remote-setting ippool "l2-pool"
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set pki x509 dn state-name "ON"
set pki x509 dn name "test"
set pki x509 dn phone "905-123-123"
set pki x509 dn email "[email protected]"
set pki x509 dn ip "0.0.0.0"
set group address "Untrust" "trusted internet sites"
set group address "Untrust" "trusted internet sites" add "update.microsoft.com"
set group address "Untrust" "trusted internet sites" add "www.microsoft.com"
set group service "HTTP MAIL & RDP"
set group service "HTTP MAIL & RDP" add "HTTP"
set group service "HTTP MAIL & RDP" add "MAIL"
set group service "HTTP MAIL & RDP" add "RDP"
set scheduler "non-working hours" recurrent sunday start 0:0 stop 23:59
set scheduler "non-working hours" recurrent monday start 0:0 stop 7:0 start 18:0 stop 23:59
set scheduler "non-working hours" recurrent tuesday start 0:0 stop 7:0 start 18:0 stop 23:59
set scheduler "non-working hours" recurrent wednesday start 0:0 stop 7:0 start 18:0 stop 23:59
set scheduler "non-working hours" recurrent thursday start 0:0 stop 7:0 start 18:0 stop 23:59
set scheduler "non-working hours" recurrent friday start 0:0 stop 7:0 start 18:0 stop 23:59
set scheduler "non-working hours" recurrent saturday start 0:0 stop 23:59
set scheduler "Working hours" recurrent monday start 7:0 stop 18:0
set scheduler "Working hours" recurrent tuesday start 7:0 stop 18:0
set scheduler "Working hours" recurrent wednesday start 7:0 stop 18:0
set scheduler "Working hours" recurrent thursday start 7:0 stop 18:0
set scheduler "Working hours" recurrent friday start 7:0 stop 18:0
set policy id 11 from "Untrust" to "Trust" "Dial-Up VPN" "LAN" "ANY" tunnel l2tp "l2-tunnel" log
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log count
set policy id 2 from "Untrust" to "Trust" "Any" "MIP(xxx.xxx.xxx.xxx)" "HTTPS" permit log count
set policy id 2
set service "POP3"
set service "RWW"
set service "HTTP MAIL & RDP"
exit
set policy id 10 from "Untrust" to "Trust" "Any" "MIP(xxx.xxx.xxx.xxx)" "FTP" permit
set pppoe name "Bell"
set pppoe name "Bell" username "dsl user" password "*******************"
set pppoe name "Bell" idle 0
set pppoe name "Bell" interface untrust
set pppoe name "Bell" auto-connect 5
set global-pro policy-manager primary outgoing-interface untrust
set global-pro policy-manager secondary outgoing-interface untrust
set ssh version v2
set config lock timeout 5
set ntp server "0.ca.pool.ntp.org"
set ntp server backup1 "1.ca.pool.ntp.org"
set ntp server backup2 "2.ca.pool.ntp.org"
set ntp max-adjustment 3600
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
set enable-source-routing
exit
set vrouter "trust-vr"
set enable-source-routing
unset add-default-route
exit

Message Edited by SilicaGel on 05-06-2008 01:11 PM
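As an added check (not part of the poster's configuration or the Netscreen's own tooling), the script below reads the relevant lines from the ScreenOS dump above and reports where return traffic from LAN hosts to the L2TP clients has to go, given that the Netscreen is a secondary router rather than the hosts' default gateway. The config excerpt embedded in it is copied from the post; the function and finding names are assumptions made for this example.

```python
import ipaddress
import re

# Excerpt of the ScreenOS config posted above (constructed subset, not the full file).
CONFIG = """
set interface trust ip 10.10.0.0/16
set interface trust manage-ip 10.10.1.2
set address "Trust" "LAN" 10.10.0.0 255.255.0.0
set ippool "l2-pool" 10.10.10.100 10.10.10.250
set l2tp default ippool "l2-pool"
set policy id 11 from "Untrust" to "Trust" "Dial-Up VPN" "LAN" "ANY" tunnel l2tp "l2-tunnel" log
"""

def parse(config):
    """Pull the LAN subnet, the firewall's LAN address and the L2TP pool out of a dump."""
    facts = {}
    for line in config.splitlines():
        m = re.match(r'set address "Trust" "(\S+)" (\S+) (\S+)$', line)
        if m:
            facts["lan"] = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
        m = re.match(r'set interface trust manage-ip (\S+)$', line)
        if m:
            facts["fw"] = ipaddress.ip_address(m[1])
        m = re.match(r'set ippool "(\S+)" (\S+) (\S+)$', line)
        if m:
            facts["pool"] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        if re.match(r'set policy id \d+ from "Untrust" to "Trust" "Dial-Up VPN" .* tunnel l2tp', line):
            facts["l2tp_policy"] = True
    return facts

def check_return_path(facts):
    """List what must be true on the LAN side for replies to reach the VPN clients.

    LAN hosts send off-subnet traffic to their default gateway (the NetGear here),
    not to the Netscreen, so the pool either has to look on-link or be routed back.
    """
    lan, fw, (first, last) = facts["lan"], facts["fw"], facts["pool"]
    findings = []
    if not facts.get("l2tp_policy"):
        findings.append("no Untrust->Trust policy tunnels Dial-Up VPN users to the LAN")
    if first in lan and last in lan:
        findings.append(f"pool {first}-{last} is inside LAN {lan}: hosts ARP for client "
                        f"addresses on the wire, so the firewall at {fw} must answer (proxy ARP)")
    else:
        findings.append(f"pool {first}-{last} is outside LAN {lan}: hosts or the default "
                        f"gateway need a route for the pool via {fw}")
    return findings

if __name__ == "__main__":
    for finding in check_return_path(parse(CONFIG)):
        print(finding)
```

Pinging the firewall's own address succeeds regardless, because that reply never leaves the Netscreen; the findings concern the other LAN hosts.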