Is the VPN Gateway Configured to Use the Correct Outgoing Interface? (KB ID: KB4409)
| Article ID: | KB4409 |
|---|---|
| Former Article ID: | ns10471 |
| Published: | Jan 22, 2007 |
| Last Modified: | Jan 22, 2007 |
| Visible By: | Employee, PTAC, Partner, Customer, Public |
Back to Previous Page | Knowledge Base Home
Article URL
Synopsis
How to determine if the VPN Gateway is configured for the Correct Outgoing Interface?
Problem
Solution
This article applies to ScreenOS 5.0 and higher.
To ensure that the outgoing VPN interface configured in phase 1 matches, perform the following steps:
Open the WebUI. For more information on accessing the WebUI, go to KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI .
From the Juniper Firewall WebUI menu, select VPNs, AutoKey Advanced, then Gateway.
Locate the Gateway, and then click Edit.
Examine the Outgoing Interface field, located towards the bottom of the screen, and make note of which interface is designated.
View the Route Table by clicking on Network > Routing > Destination. Look for the default outgoing static route, it is the route with 0.0.0.0/0 in the IP/Netmask field. Note the interface used by the default route. In most cases, the VPN Gateway should use this same interface.
Is this the same interface as that listed as the Outgoing Interface in Step 4?
Yes - Then the Outgoing Interface in the Gateway is configured correctly. Go to Step 8 in KB9217 - How to Troubleshoot a Site-to-Site VPN That Won't Come Up and ther are No Messages In the Event Logs.
No - A new Gateway will have to be created using the correct outgoing interface. You cannot change the Outgoing Interface once the Gateway has been completed.
Category Description
By Product » Hardware » Firewalls » NetScreen Firewall/IPSec VPN
By Product » Software » Network Operating Systems » ScreenOS Software
By Network Technology » IP Protocols » Tunneling Protocols » IPSec
Purpose
Configuration