Netscreen VPN help needed



I have a working policy-based lan-to-lan tunnel configured on two
Netscreens.

I also have another zone called 'dmz' on one of the Netscreens, and
hosts in that zone are unable to access the lan-to-lan tunnel.

In zone dmz, there is no policy for the vpn or a route to the
destination, so traffic ends up being sent to the default gateway
instead of the tunnel.

When I tried adding a policy to zone 'dmz' for the VPN traffic,
ScreenOS said it could not because the IKE ID was already in use. I
also tried to route the traffic to the trust interface and that didn't
work either.

Can anyone assist and tell me how to configure this so that the other
zone can access the tunnel?

Thanks in Advance.
-RLR
