Knowledge Search


[Archive] Create VPN to a MIP address

  [KB5301] Show Article Properties

Create VPN to a MIP address
  • Users on the '"trusted'" side of a remote VPN device need to reach a host on the "trusted" side of the NetScreen device using the public MIP address (instead of the private address).
  • Route based VPN
  • set flow vpn-untrust-mip
Symptoms & Errors:
  • Cannot reach a public MIP address through a tunnel using route-based VPN
Note: This article applies to ScreenOS 5.0 and higher.

A special command is needed to terminate a VPN to the untrust interface, with the destination as the MIP address, instead of a trust address.

From the command line interface (CLI):

set flow vpn-untrust-mip [Enter]
save [Enter]

Related Links: