
I have a dynamic VPN set up on an SRX 220 running Junos 11.4R10.3.

Clients can connect and access the protected resources, but systems on the local network cannot access connected clients. Connections to them are routed on the default route out through the outbound connection, rather than through the VPN tunnel.

How can I initiate connections to dynamic VPN-connected clients?

tkerwin
  • Are your VPN clients on a specific subnet? They should be, so that you can add the appropriate route to not use the default one – krisFR Apr 01 '14 at 22:35
  • They are (192.168.0.193/27), but I am not sure how to set up the route so that they are routed through the VPN connection. I would have thought that the route would be set up automatically when the dynamic VPN was created. – tkerwin Apr 01 '14 at 22:49
  • I can't see a reason why the route will be created dynamically on your main router. In my opinion you should add a route on your backbone, something like `192.168.0.193/27 via vpn.gateway.ip.address` – krisFR Apr 01 '14 at 22:55
  • There is only one router in this scenario. The SRX 220 is connected to the internal clients and is hosting the VPN. – tkerwin Apr 01 '14 at 23:08
  • The problem stays the same. If your SRX 220 routes 192.168.0.193/27 to the Internet, this is because it is missing a route. If possible, provide us the routing table of your SRX 220. – krisFR Apr 01 '14 at 23:15
  • I know there is no route. I put "route 192.168.0.192/27 next-hop 127.0.0.1;" in my static routes, but this doesn't seem to do anything -- it doesn't show up when I do a 'show route' command. – tkerwin Apr 02 '14 at 00:21
  • Why 127.0.0.1?? It should be your VPN interface IP instead. Well, I will stop there because we will run into chat soon. Please update your question to describe your network setup and your routing table. – krisFR Apr 02 '14 at 00:29

0 Answers