All:
I have searched and searched for an answer to this, and I haven't found it for sure yet. I need one roaming external laptop (behind various NAT firewalls with dynamic public IPs) to be able to VPN into our NetScreen 25 and have all its traffic route through the tunnel and out the Internet access on the NS25's public IP address. What is so frustrating is that years ago I did have this configured using an Xauth-based VPN, and now I can't figure it out.
I currently have a working policy-based Dial-Up VPN, but the external laptop has only LAN access through it. Internet access does NOT come down the tunnel. When I force "Use default gateway on remote network" on the Safenet Virtual Adapter, Internet access does not work at all (though LAN access still does, of course).
- NS25 is running 5.3.0r7.0 (Firewall+VPN)
- NSR is 10.3.5 (Build 6)
- Laptop is WinXP Pro SP3, fully up-to-date
- LAN subnet is 10.100.1.0/24
- LAN default gateway is NOT the NS25; it is another firewall
- NSR is forcing 10.100.2.15 as Internal Network IP address
- LAN gateway is routing 10.100.2.0/24 traffic to NS25 Trust interface
Even though the NS25 is not the default gateway of the LAN, the external laptop can ping everything inside properly due to the forced 10.100.2.15 IP and the routing I mentioned in the last bullet point.
If I can get Internet traffic to route through my existing Dial-Up VPN, that would be great. If not, I am completely open to trashing this Dial-Up VPN and building a new one that will successfully route ALL traffic through the tunnel.
Thank you in advance for your help.