Meerdere gelijke pptp tunnels werken niet

Hallo,

Situatie:

Werkende situatie:
netwerk: 192.168.0.0 /24
Netwerk A gebruiker A pptp door draytek 2500 (nat) naar netwerk C (pptp login A)
Netwerk A gebruiker B pptp door draytek 2500 (nat) naar netwerk C (pptp login A)

Niet meer werkende situatie:
netwerk: 10.202.0.0 / 16
Netwerk A gebruiker A pptp door netscreen ssg-20 (nat) naar netwerk C (pptp login A)
Netwerk A gebruiker B pptp door netscreen ssg-20 (nat) naar netwerk C (pptp login A)

Netscreen SSG-20
Hardware Version: 710(0)
Firmware Version: 6.0.0r2.0 (Firewall+VPN)


Ik heb dus bij deze klant die zijn klanten weer ondersteund via pptp tunnels het netwerk omgezet naar een /16 netwerk en de draytek die hier niet goed mee overweg kon (websites niet te benaderen) vervangen door een Netscreen ssg-20.
Nu werken meerdere dezelfde pptp tunnels naar een klant niet meer.
Wanneer gebruiker A uit netwerk A connect naar netwerk C en daarna gebruiker B uit netwerk A connect naar netwerk C dan wordt gebruiker A verbroken en die kan dan de komende 30 minuten geen verbinding meer maken.

Ik zat zelf te denken dat de netscreen niet in staat is onderscheidt te maken tussen de 2 GRE tunnels die worden opgezet en voor de laatste kiest waardoor de eerste de verbinding kwijt is. Maar dan snap ik niet waarom het met een ******* draytek wel werkte.
Ik wordt er een beetje wanhopig van van want ik ben de boeman....
Iemand ideen?

[ Voor 3% gewijzigd door Acmosa op 21-12-2007 11:09 ]

set clock timezone 1
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set vip multi-port
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface adsl1/0 phy operating-mode auto
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "bgroup0" zone "Trust"
set interface "bgroup1" zone "DMZ"
set interface "adsl1/0" pvc 8 48 mux vc protocol bridged qos ubr zone "Untrust"
set interface bgroup0 port ethernet0/2
set interface bgroup0 port ethernet0/3
set interface bgroup0 port ethernet0/4
unset interface vlan1 ip
set interface bgroup0 ip 10.202.1.1/16
set interface bgroup0 nat
set interface bgroup0 ip 192.168.0.1 255.255.255.0 secondary
set interface adsl1/0 ip extern/32
set interface adsl1/0 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface bgroup0 ip manageable
unset interface adsl1/0 ip manageable
set interface bgroup0 manage mtrace
unset interface bgroup1 manage ping
set interface bgroup0 monitor track-ip ip
unset interface bgroup0 monitor track-ip dynamic
set interface "serial0/0" modem settings "USR" init "AT&F"
set interface "serial0/0" modem settings "USR" active
set interface "serial0/0" modem speed 115200
set interface "serial0/0" modem retry 3
set interface "serial0/0" modem interval 10
set interface "serial0/0" modem idle-time 10
set flow tcp-mss
unset flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 0.0.0.0
set dns host dns2 0.0.0.0
set dns host dns3 0.0.0.0
set address "Trust" "10.204.0.0/16" 10.204.0.0 255.255.0.0
set address "Untrust" "10.201.1.0/24" 10.201.1.0 255.255.255.0
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set url protocol websense
exit
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "SMTP" deny log
set policy id 3
exit
set policy id 1 name "default" from "Trust" to "Untrust" "Any" "Any" "ANY" permit log count
set policy id 1
set log session-init
exit
set pppoa name "adsl1/0" interface adsl1/0
set syslog config "10.202.8.81"
set syslog config "10.202.8.81" facilities local0 local0
set syslog config "10.202.8.81" log traffic
set syslog config "10.202.8.81" transport tcp
set syslog src-interface bgroup0
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set snmp community "public" Read-Only Trap-on traffic version any
set snmp host "public" 10.202.0.59 255.255.255.255 src-interface bgroup0 trap v2
set snmp name "ssg20"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 10.10.10.0/24 interface bgroup0 gateway 10.202.1.2 preference 20
set route 192.168.200.0/24 interface bgroup0 gateway 10.202.1.2 preference 20
set route 10.201.1.0/24 interface bgroup0 gateway 10.202.1.2 preference 20 permanent
set route 192.168.0.0/24 interface bgroup0 gateway 10.202.1.2 preference 20 permanent
set route 192.168.1.0/24 interface bgroup0 gateway 10.202.1.2 preference 20 permanent
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit

Bedankt, dit stond vreemd genoeg uit. Aangezet en nu hebben we de problemen niet meer.

Opgelost.