08-15-2013 01:59 PM
What needs to be enabled to allow a VPN that once worked to be allowed through a 3020. I had a Juniper to Juniper IPSEC VPN that worked before the 3020 was placed between the 2 junipers. What needs to be allowed to make sure that the traffic passes.The VPN comes up,but no data is able to pass
08-15-2013 02:05 PM
Please check if
1) you have the correct proxy ids configured on both the firewalls ( the local and the remote networks must be mirror images on both the firewalls )
2) You have the routes configured on the tunnel interface for the remote network ( If the Juniper firewalls supported policy based VPNs, we do not have tunnel interfaces and hence no routes for the remote network, on the Juniper firewall)
3) Check if you have the policies configured correctly for the zones ( the tunnel interface should be assigned to a zone and a virtual router, and we must have the appropriate policies in place to allow end to end traffic)
08-15-2013 03:58 PM
In addition to what karthik said below doc explains Why is a Proxy-ID Required for VPNs between PAN and Firewalls that Support Policy Based VPNs?
Hope this helps you resolve the issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!