Quantcast
Channel: All SRX Services Gateway posts
Viewing all articles
Browse latest Browse all 17645

Re: VPN Hub and Spoke with IP Dynamic tunnel up but can not ping

April 23, 2017, 4:26 am
$
0
0

Here is policies on Hub and Spoke. Please check help me, thank you.

Hub
root@FW# show security policies
from-zone Internet to-zone DMZ {
policy All_Internet_DMZ {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone DMZ to-zone Internet {
policy AllowAll_Internet_DMZ {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internal to-zone Internet {
policy AllowAll_Internet_Internal {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internet to-zone Internal {
policy remote-to-srv {
match {
source-address any;
destination-address Server;
application rdp;
}
then {
permit;
}
}
}
from-zone Internal to-zone DMZ {
policy All_Internal_DMZ {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internal to-zone Internal {
policy internal_internal {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internal to-zone vpn-htn {
policy vpn-site-htn {
match {
source-address PT;
destination-address [ HTN vpn-nt TL LG ];
application any;
}
then {
permit;
}
}
}
from-zone vpn-htn to-zone Internal {
policy vpn-site-htn {
match {
source-address [ HTN vpn-nt TL LG ];
destination-address PT;
application any;
}
then {
permit;
}
}
}
from-zone DMZ to-zone Internal {
policy DMZ_To_Internal {
match {
source-address any;
destination-address any;
application any;
source-identity any;
}
then {
deny;
}
}
}
inactive: from-zone vpn-htn to-zone vpn-htn {
policy spokevpn {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
default-policy {
permit-all;
}

 

Branch

 

root# show security policies
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone vpn-pt {
policy vpn-tr-chi {
match {
source-address NT;
destination-address PT;
application any;
}
then {
permit;
}
}
}
from-zone vpn-pt to-zone trust {
policy vpn-chi-tr {
match {
source-address PT;
destination-address NT;
application any;
}
then {
permit;
}
}
}
default-policy {
permit-all;
}

[edit]

Search
Viewing all articles
Browse latest Browse all 17645
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>