Re: Netscreen Remote 7.0.3

"Somebody." <somebody.@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:_u9Cf.10109$43.3832@xxxxxxxxxxxxxxx!nnrp1.uunet.ca...
>
> "Dave Sunter" <dsunter@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:Qq6Cf.61068$zt1.28994@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi guys, just wondered if someone may be able to help me.
>>
>> I have a remote site in Scotland with 2 users. Both users currently use
>> netscreen remote with there own security policy. However when the both
>> try to connect into the office at the same time only 1 of them can.
>>
>> It seems like the firewall lets them in but doesn't know which of them to
>> return the information to, I guess this has something to do with them
>> both coming from the same Net Facing IP address or something.
>>
>> Example:-
>>
>> User 1 pings the office and get a response. Then User 2 pings the office
>> and gets a response. but then user 1 loses his /her connection.
>>
>> If they run "ping 192.168.1.254 -t " they get the response :-
>>
>> Reply from 192.168.1.254: bytes=32 time<1ms TTL=128
>> Reply from 192.168.1.254: bytes=32 time<1ms TTL=128
>> Reply from 192.168.1.254: bytes=32 time<1ms TTL=128
>>
>> Until user 2 pings then they get either
>> No Reply
>> or
>> Request timed out.
>>
>> Has anybody got any ideas what I can do to get round this?
>>
>> We are using a "Netscreen 10" Firewall with "Netscreen Remote 7.0.3"
>>
>> Thanks in Advance.
>>
>> Dave.
>
> Current version is somewhere north of 10.0, so I recommend an upate first.
>
> What is the firewall in front of them? It has to understand how to NAT
> IPSec or it won't work.
>
> There are also ways to configure the VPN so that only one user can use it,
> to avoid them, define 2 separate tunnels with different users attached to
> each one with separate policies for each. (there are other ways but this
> is the simplest)
>
> -Russ.
>

Hi Russ,

They are using a 2wire Router from BT. Not sure if there is a setting in
the Firewall on this for IPSEC, I'll check. Also they are already using 2
separate policies, but you may have stumbled on to something with the
Firewall at their side.

Cheers

Dave.


.

Relevant Pages

  • Re: VPN WinXP Firewall
    ... Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on ... It connects OK but the name mappings (net use x: ... > The remote clients go thru a Linksys BEFSX41 at the remote site. ... The problem seems to have begun when the Win XP firewall update ...
    (microsoft.public.windows.server.networking)
  • RE: 2 router to internal sbs std network
    ... appaers that you have set up a firewall (ISA server) on your internal network. ... > and one ont thing from the remote site i can ping the main office ...
    (microsoft.public.windows.server.sbs)
  • RE: can ping, cant download through firewall
    ... with generic kernel and no firewall it's the same situation. ... >from the gateway itself i can ping the world, ... on the internal network the pings ...
    (freebsd-questions)
  • Re: Something nasty in the Net shed..
    ... The firewall only works on stuff that is being passed through it. ... Anyone know a wired DSL router that will block incoming pings, ... If you are being charged for download, then there's nothing you can do at your end. ...
    (uk.telecom.broadband)
  • Komische PINGs auf Mailserver
    ... PINGs auf meinen Mailserver, von IPs quer über die Welt, von New York bis ... das Mail-Logfile zeigt hinterher keinerlei Aktivitäten von diesen Adressen ... Pings unmittelbar hintereinander, erst jetzt gerade wieder: ... das Zeug in der Firewall zu sperren? ...
    (de.comp.security.misc)