
Re: SRX100 VPN problem


Thank you. I added the command you listed and committed. It's still not working. I tried to ping the 192.168.178.5 interface from my PC while connected to the VPN and got no response.

 

HH.164.205.14 no response

192.168.178.5 no response

10.0.0.1 Got a reply which was me.

 

Maybe I should redo the IP pool to match the 192.168.178.1 interface?

 

So I redid the SRX100 using Firefox; the config we need is below.

 

The goal is VPN access through the Internet to the SRX100 and on to the Controls network (192.168.0.1); the Gtown network is my backdoor access to the SRX.

 

From the SRX100 I can ping 192.168.0.13, which is the building's Ethernet card. When I connect to the VPN I cannot ping anything but the pool address it gave me.

 

Any help would be great.

 

 

 

 

## Last changed: 2016-11-24 13:04:30 GMT-8
version 12.1X46-D35.1;
# System stanza: device identity, root credential, DNS, management services,
# local logging, licence auto-update and NTP.
system {
host-name VPN02;
time-zone GMT-8;
root-authentication {
# NOTE(review): this root password hash is published with the post. It may have
# been edited before posting (confirm), but the root password should be treated
# as exposed and changed on the device.
encrypted-password "Vv.Vjt$ct.yTEhyj6s8Wj9NMlRDr1";
}
name-server {
205.171.3.65;
205.171.2.65;
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
services {
# SSH is enabled with no further options in this stanza. Which interfaces accept
# it is decided by host-inbound-traffic in the security zones (Gtown and Controls
# list ssh; Internet does not).
ssh;
web-management {
# NOTE(review): J-Web over cleartext HTTP on fe-0/0/2.0 (the 192.168.0.1/24
# Controls interface). Admin logins on that segment travel unencrypted; HTTPS is
# already enabled on the same interface, so HTTP can probably be dropped.
http {
interface fe-0/0/2.0;
}
https {
# Self-signed certificate generated by the device.
system-generated-certificate;
# NOTE(review): the HTTPS list includes fe-0/0/0.0, the interface holding the
# public address, and the Internet zone accepts https. The web login is therefore
# likely reachable from the Internet — confirm this is only what the dynamic VPN
# client portal needs.
interface [ fe-0/0/0.0 fe-0/0/7.0 fe-0/0/2.0 ];
}
session {
# Idle web sessions are closed after 60 (presumably minutes — confirm unit).
idle-timeout 60;
}
}
}
syslog {
# Local log files only: 3 archives of 100k each, no remote syslog host. VPN and
# login history on the box is therefore short-lived.
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
# Authentication/authorization events at info level go to "messages".
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
# NOTE(review): the public pool's US hostname is normally written
# us.pool.ntp.org; "us.ntp.pool.org" sits under a different domain (pool.org) and
# looks like transposed labels — verify, since log timestamps and certificate
# checks depend on correct time.
server us.ntp.pool.org;
}
}
# Three routed interfaces. Zone membership is taken from the security zones
# stanza: fe-0/0/0 = Internet, fe-0/0/2 = Controls, fe-0/0/7 = Gtown.
interfaces {
# Public side; the first octet was masked by the poster.
fe-0/0/0 {
unit 0 {
family inet {
address XX.164.205.14/29;
}
}
}
# Controls network. The dynamic-VPN address pool (192.168.0.30-35) is carved out
# of this same /24.
fe-0/0/2 {
unit 0 {
family inet {
address 192.168.0.1/24;
}
}
}
# Gtown network, described in the post as the author's backdoor access to the SRX.
fe-0/0/7 {
unit 0 {
family inet {
address 192.168.178.5/24;
}
}
}
}
# Single static default route. The next hop XX.164.205.9 falls inside the /29
# configured on fe-0/0/0 (XX.164.205.14/29), so all non-connected traffic leaves
# through the Internet interface.
routing-options {
static {
route 0.0.0.0/0 next-hop XX.164.205.9;
}
}
# Spanning tree is enabled, yet every interface shown in this config is routed
# (family inet). Presumably a leftover from the factory default — confirm.
protocols {
stp;
}
# Security stanza: IKE/IPsec and dynamic-VPN definitions, screen options, source
# NAT, inter-zone policies and zone/interface bindings.
security {
ike {
policy ike_policy_startup_rvpn {
# NOTE(review): IKEv1 aggressive mode with a pre-shared key. In aggressive mode
# the PSK-derived authentication hash is exchanged without protection, so the
# strength of the key is the main safeguard.
mode aggressive;
proposal-set standard;
# NOTE(review): this key is published with the post (possibly edited before
# posting — confirm). Treat it as disclosed and replace it with a long random
# value on the gateway and the clients.
pre-shared-key ascii-text "8gdLdsgoGDkPbsaUjkQz";
}
gateway gw_startup_rvpn {
ike-policy ike_policy_startup_rvpn;
dynamic {
# group-ike-id: all clients (up to connections-limit 50) share the IKE identity
# "SRX-GW" and the one pre-shared key above; per-user authentication is left to
# xauth against remote_access_profile.
hostname SRX-GW;
connections-limit 50;
ike-user-type group-ike-id;
}
# IKE terminates on the public interface.
external-interface fe-0/0/0.0;
xauth access-profile remote_access_profile;
}
}
ipsec {
policy ipsec_pol_startup_rvpn {
perfect-forward-secrecy {
# NOTE(review): group2 is the 1024-bit MODP group, weak by current guidance.
# Prefer group14 or higher if this release and the VPN client support it —
# confirm.
keys group2;
}
proposal-set standard;
}
vpn startup_rvpn {
ike {
gateway gw_startup_rvpn;
ipsec-policy ipsec_pol_startup_rvpn;
}
}
}
dynamic-vpn {
access-profile remote_access_profile;
clients {
startup_rvpn_group {
# NOTE(review): 0.0.0.0/0 declares every destination as protected, so the client
# presumably sends all traffic into the tunnel. Only Internet-to-Controls traffic
# has a tunnel policy below; narrowing this to the Controls prefix would match
# the stated goal — confirm.
remote-protected-resources {
0.0.0.0/0;
}
ipsec-vpn startup_rvpn;
user {
rcarongt;
}
}
}
}
screen {
# NOTE(review): untrust-screen is defined here, but no security-zone in the
# zones stanza below references it with a "screen" statement, so as shown it is
# not applied to any zone.
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
# Outbound traffic from Controls and Gtown is translated to the address of the
# egress interface. No proxy-arp is configured anywhere in this nat stanza.
rule-set nsw_srcnat {
from zone [ Controls Gtown ];
to zone Internet;
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
# Tunnel policy for remote-access clients. NOTE(review): any source, any
# destination, any application — an authenticated VPN user can reach every host
# and port on the Controls network. Restrict to the hosts and applications
# actually needed. This is the only policy with session logging.
from-zone Internet to-zone Controls {
policy policy_startup_rvpn_Controls {
match {
source-address any;
destination-address any;
application any;
}
then {
permit {
tunnel {
ipsec-vpn startup_rvpn;
}
}
log {
session-init;
session-close;
}
}
}
}
# The four policies below are unrestricted any/any permits with no logging.
from-zone Gtown to-zone Internet {
policy All_Gtown_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
# NOTE(review): the Controls network has unrestricted outbound Internet access.
from-zone Controls to-zone Internet {
policy All_Controls_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Gtown to-zone Controls {
policy All_Gtown_Controls {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Controls to-zone Gtown {
# NOTE(review): this policy reuses the name All_Gtown_Controls from the opposite
# direction. The name is misleading in logs and reviews; something like
# All_Controls_Gtown would read correctly.
policy All_Gtown_Controls {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
# host-inbound-traffic lists the services the SRX itself accepts on each
# interface.
security-zone Gtown {
interfaces {
fe-0/0/7.0 {
host-inbound-traffic {
system-services {
ping;
https;
ssh;
}
}
}
}
}
security-zone Controls {
interfaces {
fe-0/0/2.0 {
host-inbound-traffic {
system-services {
ping;
# Cleartext HTTP management is accepted on the Controls interface.
http;
https;
ssh;
}
}
}
}
}
security-zone Internet {
interfaces {
fe-0/0/0.0 {
host-inbound-traffic {
system-services {
# Only https and ike are accepted on the public interface; ping is not listed,
# which is consistent with the unanswered ping to the public address reported in
# the post. NOTE(review): https is presumably open for the dynamic-VPN client
# login; system services web-management https also lists fe-0/0/0.0, so confirm
# that the admin web login is not exposed more widely than intended.
https;
ike;
}
}
}
}
}
}
}
# Access stanza: the xauth/dynamic-VPN user profile, the client address pool and
# the default web-authentication profile.
access {
profile remote_access_profile {
client rcarongt {
firewall-user {
# NOTE(review): this user's password value is published with the post. Junos
# normally keeps such secrets in an obfuscated rather than one-way hashed form,
# so treat the password as disclosed and change it (the value may have been
# edited before posting — confirm).
password "$bDw4aJGDkmfoaCtuOREwY2aUH6/tIEyQFtOBIle";
}
}
address-assignment {
pool startup_rvpn_add_pool;
}
}
address-assignment {
pool startup_rvpn_add_pool {
family inet {
# NOTE(review): the pool (192.168.0.30-35) lies inside the same /24 that is
# configured on fe-0/0/2 (192.168.0.1/24, Controls). Hosts on Controls will see
# a VPN client address as on-link and ARP for it; no proxy-arp is configured in
# security nat, so replies probably never return to the tunnel. This is a likely
# cause of the failed pings described in the post. Either move the pool to a
# separate subnet or add proxy-arp for the range on fe-0/0/2.0 — confirm against
# the platform documentation.
network 192.168.0.0/24;
range startup-rvpn-range {
low 192.168.0.30;
high 192.168.0.35;
}
}
}
}
firewall-authentication {
web-authentication {
default-profile remote_access_profile;
}
}
}

