Hello, A dialup VPN client want to access some services in one of the VPN sites.
Dialup VPN Client <----------> Site A <----------> Site B
172.31.99.63 192.168.135.0/24 192.168.96.0/20
Site A and Site B is forming site to site VPN Dialup
VPN can access the services in Site A
I have changed site A firewall policy proxy ID (untrust VPN client to trust)
after this modification, I ping to 192.168.99.109 and got below result.
2016-09-01 12:51:19 172.31.99.63:1103 192.168.99.109:1 0.0.0.0:0 0.0.0.0:0 ICMP 0 sec. 0 0 Traffic Denied
2016-09-01 12:51:09 172.31.99.63:1101 192.168.99.109:1 0.0.0.0:0 0.0.0.0:0 ICMP 0 sec. 0 0 Traffic Denied
2016-09-01 12:51:04 172.31.99.63:1100 192.168.99.109:1 0.0.0.0:0 0.0.0.0:0 ICMP 0 sec. 0 0 Traffic Denied
Refer to one of the topic, I should add firewall policy 172.31.99.xx/24 to 192.168.96.0/20. http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/Dial-up-VPN-to-SSG-20-multiple-zones/td-p/1946
However, this topic is showing route based VPN. Both site A and site B firewall are using policy based.
Could anyone show me what I should config in order to make Dialup VPN client can access site B services?
Many Thanks =)