Configure Vpn Ipsec In Netscreen Device

In this post, we describe how to configure a client-to-site IPsec VPN on a NetScreen device.

The device version is 6.3.x.

The remote user will connect to the internal network 192.168.24.0/24.

Network topology

Configuring Dial-Up VPN Using the Web User Interface

First, we need to create a dial-up user account.


Click Objects => Users => Local => New

Create Dial UP user

Now we will create a dial-up VPN group:

Click Objects => Users => Local Groups => New

Group Name: VPNGroup

Select the user you want to add and then click OK.

Configure Vpn Ipsec In Netscreen-Create VPN Dial UP Group

Create the Phase 1 IKE gateway:

Click VPNs => Autokey Advanced => Gateway => New

Gateway Name: DialUP-GW. Select Remote Gateway => Dialup User Group (VPNGroup), then Advanced => Preshared Key: netscreen

Outgoing Interface: ethernet0/0 (the interface used for the Internet connection)

Security Level: User Defined, select Custom, and select Phase 1 Proposal: pre-g2-3des-sha

Mode (Initiator): Aggressive, and enable NAT-Traversal

Click Return and OK

Configure Vpn Ipsec In Netscreen - Creating VPN Phase 1

Phase 1 advanced parameters

Configure Vpn Ipsec In Netscreen-Phase 1 advanced parameters

After creating Phase 1, we need to create the Phase 2 negotiation:

Click VPNs => Autokey IKE

Click New

VPN Name: VPNDialup

Select Remote Gateway: Predefined, DialUP-GW.

Creating VPN Phase 2

Configure Vpn Ipsec In Netscreen-Creating VPN Phase 2

Then click Advanced, set Security Level => User Defined, and select g2-esp-3des-sha

Click Return and then OK

Phase 2 Advanced parameters


Now we need to create the dial-up VPN policy:

Click Policy => Policies => New

Select from

Source Address: Address Book: Select Dial-Up VPN


Destination Address: Click New Address: 192.168.24.0/24

Service: Any

Action: Tunnel

Tunnel: Dialup VPN

Click Position at Top

Click OK

Configuring Dial-Up VPN Using the CLI

    set user "User1" ike-id u-fqdn "user1@seyfi.org" share-limit 1
    set user "User1" type ike
    set user "User1" "enable"
    set user-group "VPNGroup" id 1
    set user-group "VPNGroup" user "User1"
    set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
    set ike gateway "Dialup GW" nat-traversal keepalive-frequency 5
    set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
    set address "LAN" "192.168.24.0/24" 192.168.24.0 255.255.255.0
    set policy from "Internet" to "LAN" "Dial-Up VPN" "192.168.24.0/24" "ANY" tunnel vpn "Dialup VPN"

Allow Url In Squid Using Regex

In this post, we describe how to use a regex ACL in Squid to allow access to a destination web site.

  1. Open the Squid configuration file:

    vi /etc/squid3/squid.conf

  2. Define the destination URL:

    ######## Object Definition ########
    # url_regex takes a regular expression: escape dots so they match a literal "."
    acl google_api url_regex ^http://ajax\.googleapis\.com/ajax/

  3. Authorize access:

    ######## Authorization ########
    # http_access rules are evaluated in order; place this above the final deny rule
    http_access allow google_api

  4. After saving the configuration, reload the Squid process:

    /etc/init.d/squid3 reload
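
Because url_regex takes a regular expression rather than a shell-style wildcard, unescaped dots and a trailing `/*` widen what the ACL allows. The following added example (not part of the original post) compares a loose and an escaped pattern against constructed URLs. It assumes Python's `re` module as a stand-in for Squid's regex matching, and the function names are hypothetical.

```python
import re

# Loose form: each unescaped "." matches any character, and the trailing "/*"
# means "zero or more slashes", so nothing after "/ajax" is constrained.
LOOSE = r"^http://ajax.googleapis.com/ajax/*"
# Escaped form: literal dots and a mandatory "/" after the path prefix.
STRICT = r"^http://ajax\.googleapis\.com/ajax/"

# Constructed sample URLs (not taken from real traffic).
SAMPLES = [
    "http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js",
    "http://ajax.googleapis.com/ajaxfoo/other",      # different path prefix
    "http://ajax-googleapis.com/ajax/libs/x.js",     # different domain
    "https://ajax.googleapis.com/ajax/libs/x.js",    # different scheme
    "http://proxy.example/?u=http://ajax.googleapis.com/ajax/",  # prefix only in query
]


def acl_matches(pattern, url):
    """Emulate url_regex: case-sensitive search over the whole URL.

    Assumption: Python's re behaves like Squid's regex engine for these
    simple patterns (literals, ".", "*", "^").
    """
    return re.search(pattern, url) is not None


def compare(urls=SAMPLES):
    """Return (url, loose_result, strict_result) for each URL."""
    return [(u, acl_matches(LOOSE, u), acl_matches(STRICT, u)) for u in urls]


def only_loose(urls=SAMPLES):
    """URLs the loose pattern allows but the escaped pattern rejects."""
    return [u for u, loose, strict in compare(urls) if loose and not strict]


if __name__ == "__main__":
    for url, loose, strict in compare():
        print(f"loose={loose!s:5} strict={strict!s:5} {url}")
```

The last two samples are rejected by both patterns because of the leading `^`; without it, the URL embedded in the query string would match.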