Create VPN to a MIP address
Knowledge Base ID: KB5301
Version: 4.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: NS-204, NS-208, IPSec, ScreenOS

Summary:
Create VPN to a MIP address

Problem or Goal:
Environment:
  • Users on the "trusted" side of a remote VPN device need to reach a host on the "trusted" side of the NetScreen device using the public MIP address (instead of the private address).
  • Route-based VPN
  • set flow vpn-untrust-mip
Symptoms & Errors:
  • Cannot reach a public MIP address through a tunnel using route-based VPN

Solution:
Note: This article applies to ScreenOS 5.0 and higher.

A special command is needed when a VPN terminates on the untrust interface and the traffic's destination is the MIP address instead of a trust address.

From the command line interface (CLI):

set flow vpn-untrust-mip [Enter]
save [Enter]

Purpose:
Configuration