Forum Discussion
franck_martin2
May 29, 2013 (Aspirant)
IPSec VPN with SRX5308
Hi everyone,
I recently bought an SRX5308 firewall. I want to achieve a Client to Gateway IPSec VPN with this device. I used the VPN Wizard to configure the Gateway and I installed the Netgear VPN Prosafe client on a Windows 7 computer. I can open the tunnel but I get two issues:
* When the tunnel is open, I can't go on the Internet (DNS fails)
* I can't ping any host in the remote LAN, not even the VPN gateway.
I made some tests and I found that the client's ping packets reach the LAN host I want to ping, the LAN host sends its reply to the gateway, but the gateway does not manage to send the packets back to the client.
What should I do to solve my problem?
Thanks for your help.
49 Replies
- jmizoguchi (Virtuoso): IPsec tunnel will only use local internet traffic for HTTP etc.
IPsec tunnel will not resolve PC names via the tunnel unless you use mode-config with your own DNS server.
IPsec needs 2x public and 2x private, with BOTH sides on different LAN subnets (ex. 192.168.50.x and 192.168.60.x).
- franck_martin2 (Aspirant):
jmizoguchi wrote: IPsec tunnel will only use local internet traffic for HTTP etc.
This means that client HTTP requests cross the VPN tunnel?
jmizoguchi wrote: IPsec tunnel will not resolve PC names via the tunnel unless you use mode-config with your own DNS server.
So, I have to use mode-config if I want to go on the Internet while the tunnel is open?
jmizoguchi wrote: IPsec needs 2x public and 2x private, with BOTH sides on different LAN subnets (ex. 192.168.50.x and 192.168.60.x).
It's already done. I also created a static route between the gateway and the client.
- jmizoguchi (Virtuoso): HTTP will NOT use IPsec; it stays local, where the client is connected.
Only SSL-VPN in full tunnel.
- franck_martin2 (Aspirant): If HTTP doesn't use the IPsec tunnel, why can't I go on the Internet when the tunnel is open?
- adit (Mentor): No static route needed. Post screenshots of what you did.
- franck_martin2 (Aspirant): I will explain what I did in the following lines:
I used the "VPN Wizard" to create the VPN configuration. I chose "VPN Client", I entered a name and a pre-shared key for the connection, and an FQDN for the remote host and for the gateway. I clicked on "Apply".
Then, I installed the Netgear Prosafe VPN client on a Windows 7 computer. I entered the gateway's public IP, the pre-shared key and the two FQDNs in the reserved fields.
Then, I entered an IP address which is in the remote LAN IP address range for the client, and the remote LAN network address and mask. I used the gateway address for the DNS server field.
I created a static route on the gateway whose destination is the client, a static route on a computer of the remote LAN whose destination is the client, and two static routes on the client which go to the gateway and to the remote LAN host.
- franck_martin2 (Aspirant): I will explain what I did in the following lines:
1. I created the VPN policy with the VPN Wizard: I clicked on "VPN Client". I entered a connection name and a pre-shared key. I entered two FQDNs, for the remote client and for the gateway. I clicked on "Apply".
2. I installed the Netgear Prosafe VPN client on a Windows 7 PC.
3. I clicked on "Configuration" and "Configuration assistant".
4. I answered all the questions in the assistant.
5. On the Netgear client: I entered an IP address for the client which is included in the remote LAN IP address range. I entered the remote LAN IP address and mask. I entered the gateway IP address in the DNS field.
6. I created some static routes between the gateway and the client and between a host in the remote LAN and the client.
- jmizoguchi (Virtuoso):
franck_martin2 wrote: If HTTP doesn't use the IPsec tunnel, why can't I go on the Internet when the tunnel is open?
The IPsec tunnel will NOT allow any internet traffic to go through your VPN tunnel for the remote user. It will continue to use the local internet for surfing, while other things such as file sharing can be used in the tunnel.
- jmizoguchi (Virtuoso):
franck_martin2 wrote: I will explain what I did in the following lines:
I used the "VPN Wizard" to create the VPN configuration. I chose "VPN Client", I entered a name and a pre-shared key for the connection, and an FQDN for the remote host and for the gateway. I clicked on "Apply".
Then, I installed the Netgear Prosafe VPN client on a Windows 7 computer. I entered the gateway's public IP, the pre-shared key and the two FQDNs in the reserved fields.
Then, I entered an IP address which is in the remote LAN IP address range for the client, and the remote LAN network address and mask. I used the gateway address for the DNS server field.
I created a static route on the gateway whose destination is the client, a static route on a computer of the remote LAN whose destination is the client, and two static routes on the client which go to the gateway and to the remote LAN host.
This setup ONLY allows access to servers, shared files etc., while you will NOT have any internet traffic to surf via the SRX while the remote user is connected. It will use the local internet where the user is connected for surfing the internet.
If you want ALL traffic to go ONLY via the tunnel, including internet (surfing for the user), then you need to use an SSL-VPN tunnel (no IPsec) with full tunnel (no split tunnel).
- franck_martin2 (Aspirant): Why can't my gateway (SRX5308) transfer ping packets from the LAN host to the client?
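jmizoguchi's replies above rest on one property of a policy-based IPsec client tunnel: only packets whose addresses match the tunnel's traffic selectors are encrypted; everything else, web browsing included, leaves through the client's ordinary default route. The Python below is an added illustration, not code from this thread, from the SRX5308 or from the ProSafe VPN client. It models that selector for a constructed setup resembling the one described (client address taken from the remote LAN range, gateway LAN address used as DNS server; every address in it is an assumption, not the poster's real value), shows which side of the split a DNS query and a web request fall on, checks what the gateway's mirror selector must match for a ping reply to be sent back, and runs the configuration checks a practitioner would make before digging into the gateway's return path.

```python
"""Which packets a policy-based IPsec client tunnel carries, and which stay local.

Added illustration, not code from the NETGEAR thread, the SRX5308 or the
ProSafe VPN client. All addresses are constructed for the example; the
remote LAN, the client's virtual IP and the LAN the client sits on are
assumptions, not the poster's real values.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address


@dataclass(frozen=True)
class ClientPolicy:
    local_lan: IPv4Network    # LAN the client is physically attached to
    virtual_ip: IPv4Address   # source address the client uses inside the tunnel
    remote_lan: IPv4Network   # gateway's LAN, i.e. the remote traffic selector
    dns_server: IPv4Address   # DNS server configured on the client


def path_for(policy: ClientPolicy, dst) -> str:
    """'tunnel' if dst matches the remote traffic selector, otherwise 'local'.

    A policy-based IPsec SA only protects packets whose destination falls in
    its remote selector; anything else, including web traffic to the Internet,
    leaves through the client's ordinary default route (split tunnel).
    """
    return "tunnel" if ip_address(str(dst)) in policy.remote_lan else "local"


def gateway_accepts_reply(policy: ClientPolicy, src, dst) -> bool:
    """Mirror selector on the gateway: a packet from the remote LAN addressed
    to the client's virtual IP matches the SA and is encrypted back to the client."""
    return (ip_address(str(src)) in policy.remote_lan
            and ip_address(str(dst)) == policy.virtual_ip)


def policy_warnings(policy: ClientPolicy) -> dict:
    """Configuration checks to run before blaming the tunnel itself."""
    w = {}
    if policy.local_lan.overlaps(policy.remote_lan):
        w["overlap"] = (f"client LAN {policy.local_lan} overlaps remote LAN "
                        f"{policy.remote_lan}: the selector cannot tell them apart")
    if policy.virtual_ip in policy.remote_lan:
        w["vip-in-remote-lan"] = (
            f"virtual IP {policy.virtual_ip} lies inside {policy.remote_lan}: LAN hosts "
            "ARP for it as a directly connected neighbour instead of sending the reply "
            "to the gateway, unless the gateway proxy-ARPs for it or each host carries "
            "a host route pointing at the gateway")
    if path_for(policy, policy.dns_server) == "tunnel":
        w["dns-via-tunnel"] = (
            f"DNS server {policy.dns_server} is reachable only through the tunnel: the "
            "gateway must answer DNS for VPN clients (or push a resolver via mode-config), "
            "otherwise name resolution fails while the tunnel is up")
    return w


# Constructed scenario resembling the thread: client address taken from the
# remote LAN range, gateway LAN address used as DNS server (all assumed values).
POSTER_STYLE = ClientPolicy(
    local_lan=IPv4Network("192.168.50.0/24"),
    virtual_ip=IPv4Address("192.168.60.200"),
    remote_lan=IPv4Network("192.168.60.0/24"),
    dns_server=IPv4Address("192.168.60.1"),
)

# Same tunnel with a dedicated VPN address pool, as a mode-config setup hands out.
POOL_STYLE = ClientPolicy(
    local_lan=IPv4Network("192.168.50.0/24"),
    virtual_ip=IPv4Address("10.99.0.2"),
    remote_lan=IPv4Network("192.168.60.0/24"),
    dns_server=IPv4Address("192.168.60.1"),
)

if __name__ == "__main__":
    # LAN host, gateway-as-DNS, and a public web server (TEST-NET-3 address)
    for dst in ("192.168.60.10", "192.168.60.1", "203.0.113.10"):
        print(f"{dst:>14} -> {path_for(POSTER_STYLE, dst)}")
    print("ping reply 192.168.60.10 -> 192.168.60.200 matches gateway SA:",
          gateway_accepts_reply(POSTER_STYLE, "192.168.60.10", "192.168.60.200"))
    for name, pol in (("poster-style", POSTER_STYLE), ("pool-style", POOL_STYLE)):
        print(f"\n{name}:")
        for code, msg in policy_warnings(pol).items():
            print(f"  [{code}] {msg}")
```

Running it shows the split that jmizoguchi describes: the LAN host and the gateway address (hence every DNS query) go into the tunnel, the public web server goes out the local connection. The reply from the LAN host does match the gateway's selector, so a one-way ping is not explained by the selector itself; the warnings point at the two things to verify next, the client address sitting inside the remote subnet and the DNS server being reachable only through the tunnel. The pool-style policy clears the first of these, which is what a separate client address range (or mode-config) buys you.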