KB Home KB Home Back to answers Back to Answers Back to all Knowledge Base Browse Knowledge Base Categories Printer Friendly Version Printer Friendly

VPN to subinterface
Knowledge Base ID: KB5686
Version: 2.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: . ScreenOS

Problem or Goal:
VPN is terminated at one of the subinterface' define on Netscreen 500 which has a fix IP address One of the Netscreen is getting the IP address from ISP DHCP server Do not have any problem if both of the Netscreen' are using static IP address

The Security Association (SA) is active but no traffic can' send through the tunnel.' 
To check the SA status,

From the CLI type,

' ' ' '  get sa [Enter]


Solution:
Screen OS 3.1.0r5 and below do not support terminating VPN to a subinterface when configuring dynamic or dialup VPN
Screen OS 3.1.0r5 and below do not support terminating VPN to a subinterface when configuring dynamic or dialup VPN.
Solution: Upgrade to Screen OS 3.1.0r7 or later

Purpose:
Troubleshooting

ASK THE KB
Question or KB ID:



RELATED TOPICS