Hi Mark,
What you need to do in effect, is setup a hub and spoke VPN. This will
allow your remove users to VPN into Office A, and tunnel back out to
Office B.
Here is a knowledgebase article pertaining to setting up Hub and Spoke
VPNs for 3 sites. The site configuration and the remote user VPN
configuration is not all that different.
http://2550.support.juniper.safeharbor.com/knowbase/root/public/ns10205.
htm?
If you are using a newer version of ScreenOS, you should be able to jump
onto the Juniper site and download the Configuration and Examples guide
and do a lookup on Hub and Spoke VPNs.
Good luck.
Regards,
Jason
-----Original Message-----
From: Mark Owen [mailto:mr.markowen@gmail.com]
Sent: Wednesday, 31 August 2005 2:20 PM
To: firewalls@securityfocus.com
Subject: Netscreen VPN route to VPN
Can't quite figure this one out and searching online brings no results.
Using a Netscreen trying to get our VPN users to connect to another VPN
tunnel.
Our site consist of "Office A", "Office B", and Dial-up users.
A and B are connected with a static VPN tunnel.
Dial-up users connect to Office A through another VPN tunnel.
One Netscreen 25 handles both tunnels.
Typically all VPN users should only access A, but with recent expansions
B has started to become a file repository requiring remote access to our
dial-up users.
What I want to do is allow dial-up users who VPN to Office A to access
Office B. I believe it is as simple as creating a route between the two
using Offica A as a gateway but the Netscreen interface isn't very clear
on where I should add it.
Any one have any thoughts?
Thanks,
Mark Owen
