This is the setup:

                                                                        Netscreen
                            _fw1_                                           |
Management--------Hub1-----<_                                               |
                             _ >Hub2------------CiscoRouter-------------Switch
                            fw2                                             |
                                                                   Laptop+SecuremoteNG

Classic setup, everything works well, load balancing, failover, but when it comes to VPNs nothing works.

I tried a policy in the new mode (the VPN community thing) and a policy in classic mode like in the good old 4.1.

I am trying to establish the VPN from the Netscreen box and from the Securemote client to the shared virtual cluster IP. For the Netscreen, the Phase 1 using 3des/md5/preshareKey/dhg2 works. Then the Phase 2 using 3des/sha1/dhg2 nearly finishes, but the NG box sends the wrong encryption domain to the Netscreen: it sends the IP of the machine (Management) trying to ping the Netscreen's encryption domain as its encryption domain. Of course the Netscreen refuses to bring up the VPN cuz it expects to receive the subnet as encryption domain of the NG box, as defined in the NG policy cluster topology.

For the VPN client, I am able to create the site within Securemote and authenticate using fw-1 password. But then when the VPN is up I can't ping in the encryption domain... basic

Any help will be appreciated,
Yannick
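
The Phase 2 mismatch described in the post can be confirmed from a decoded Quick Mode ID payload. The following is an added illustration, not part of the original post or of either vendor's code: it decodes the ID payload body (layout and type numbers from RFC 2407) and compares it with the encryption domain the peer is configured to expect. The function names, the exact-match rule (modelled on the behaviour the post describes) and the 192.0.2.0/24 addresses are assumptions constructed for the example.

```python
import ipaddress
import struct

# Identification types from the IPsec DOI (RFC 2407, section 4.6.2.1)
ID_IPV4_ADDR = 1          # single host address
ID_IPV4_ADDR_SUBNET = 4   # address followed by netmask


def parse_qm_id(body: bytes) -> ipaddress.IPv4Network:
    """Decode a Quick Mode ID payload body (generic payload header removed)."""
    if len(body) < 4:
        raise ValueError("ID payload body shorter than its fixed fields")
    id_type, _proto, _port = struct.unpack("!BBH", body[:4])
    data = body[4:]
    if id_type == ID_IPV4_ADDR and len(data) == 4:
        return ipaddress.IPv4Network(f"{ipaddress.IPv4Address(data)}/32")
    if id_type == ID_IPV4_ADDR_SUBNET and len(data) == 8:
        addr = ipaddress.IPv4Address(data[:4])
        mask = ipaddress.IPv4Address(data[4:])
        return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    raise ValueError(f"unsupported or malformed ID (type {id_type})")


def check_proposal(body: bytes, expected: str) -> str:
    """Compare the proposed ID with the configured encryption domain.

    Assumption: the peer accepts only an exact match, as in the post.
    """
    proposed = parse_qm_id(body)
    want = ipaddress.IPv4Network(expected)
    if proposed == want:
        return "match"
    if proposed.subnet_of(want):
        return f"mismatch: proposed {proposed} is narrower than configured {want}"
    return f"mismatch: proposed {proposed}, configured {want}"


# Constructed sample payload bodies (documentation address range, not real data)
HOST_ID = struct.pack("!BBH", ID_IPV4_ADDR, 0, 0) + \
    ipaddress.IPv4Address("192.0.2.10").packed
SUBNET_ID = struct.pack("!BBH", ID_IPV4_ADDR_SUBNET, 0, 0) + \
    ipaddress.IPv4Address("192.0.2.0").packed + \
    ipaddress.IPv4Address("255.255.255.0").packed

if __name__ == "__main__":
    print(check_proposal(SUBNET_ID, "192.0.2.0/24"))
    print(check_proposal(HOST_ID, "192.0.2.0/24"))
```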
