Knowledge Search


×
 

[Archive] VPN to subinterface

  [KB5686] Show Article Properties


Summary:

Symptoms:
VPN is terminated at one of the subinterface' define on Netscreen 500 which has a fix IP address One of the Netscreen is getting the IP address from ISP DHCP server Do not have any problem if both of the Netscreen' are using static IP address

The Security Association (SA) is active but no traffic can' send through the tunnel.' 
To check the SA status,

From the CLI type,

' ' ' '  get sa [Enter]


Solution:
Screen OS 3.1.0r5 and below do not support terminating VPN to a subinterface when configuring dynamic or dialup VPN
Screen OS 3.1.0r5 and below do not support terminating VPN to a subinterface when configuring dynamic or dialup VPN.
Solution: Upgrade to Screen OS 3.1.0r7 or later
Related Links: