This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN net-to-net initiated from one side

having a net-to-net vpn connection working well, with
one side asl 4.0, other side netscreen device.
problem: the connection should only be established from
one side (typical scenario: support stuff has to work on
customers network, no access the other way).

in our case: the astaro-side should not establish the
tunnel itself, only waiting for the other side to initiate...
(on netscreen i have the possibilty to define a policy that
allows only outgoing or incoming connection).
We already tried with road warrior, but this doesn't work
with the netscreen box.

can i do this with asl 4.0?

thanks for any help!

This thread was automatically locked due to age.

Parents

0 Marcel_01 over 22 years ago

assuming you have static official IPs on both sides, set the remote endpoint on ASL to 'any' (or 'dynamic address'), so ASL won't know where to connect and therefore only waits for incoming connections.

when doing these changes, please make sure you use hostname or email-address as VPN idetifier for the remote box .. (set it there as local ID as well)

/marcel
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Marcel_01 over 22 years ago

assuming you have static official IPs on both sides, set the remote endpoint on ASL to 'any' (or 'dynamic address'), so ASL won't know where to connect and therefore only waits for incoming connections.

when doing these changes, please make sure you use hostname or email-address as VPN idetifier for the remote box .. (set it there as local ID as well)

/marcel
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data