Configure SNMP in Netscreen Firewall by web interface or CLI

In this post, we will describe how to configure SNMP on a Netscreen firewall using the web interface or the CLI.

1. To configure SNMP in ScreenOS using the web interface:

We must be connected with an RW (read-write) account.

 

Navigate to Configuration > Report Setting > SNMP

 

 

Configure the listen port and the trap port (by default, the listen port is 161 and the trap port is 162).

Then click Apply.

Now we need to configure the community.

Click New Community.

Set the community name, choose the SNMP version, the server address and the trap version. Then click Add.

2. To configure SNMP using the CLI:

    set snmp community "FW-Comm" Read-Write Trap-on traffic version v2c
    set snmp host "FW-Comm" 192.168.1.100/32 trap v2
    set snmp port listen 161
    set snmp port trap 162

Configure VPN IPSEC in netscreen device

In this post, we will describe how to configure an IPsec VPN (client-to-site) on a Netscreen device.

The device version is 6.3.x.

The remote user will connect to the internal network 192.168.24.0/24.

Configuring Dial UP VPN Using Web User interface

First, we need to create a dial-up user account.

Click Objects > Users > Local > New

Create Dial UP user

Now we will create a dial-up VPN group.

Click Objects > Users > Local Groups > New

Group Name: VPNGroup

Select the user you want to add, then click OK.

Create VPN Dial UP Group

Create the phase 1 IKE Gateways:

Click VPNs > Autokey Advanced > Gateway > New

Gateway Name: DialUP-GW, then select Remote Gateway > Dialup User Group (VPNGroup) > Advanced: Preshared Key: netscreen

Outgoing Interface: ethernet0/0 (the interface used for the internet connection)

Security Level: User Defined, select Custom, and select Phase 1 Proposal: pre-g2-3des-sha

Mode (Initiator): Aggressive, and enable NAT-Traversal

Click Return and OK

Creating VPN Phase 1
Phase 1 advanced parameters

After creating Phase 1, we need to create the Phase 2 negotiation.

Click VPNs > Autokey IKE

Click New

VPN Name: VPNDialup

Select Remote Gateway Predefined DialUP-GW.

Creating VPN Phase 2

Then click Advanced, Security Level > User Defined, and select g2-esp-3des-sha

Click Return and then OK

Phase 2 Advanced parameters

Now we need to create the dial-up VPN policy:

Click Policy > Policies > New

Select from

Source Address: Address Book: Select Dial-Up VPN

Destination Address: Click New Address: 192.168.24.0/24

Service: Any

Action: Tunnel

Tunnel: Dialup VPN

Click Position at Top

Click OK

Configuring Dial-Up VPN Using the CLI

    set user "User1" ike-id u-fqdn "user1@seyfi.org" share-limit 1
    set user "User1" type ike
    set user "User1" "enable"
    set user-group "VPNGroup" id 1
    set user-group "VPNGroup" user "User1"
    set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
    set ike gateway "Dialup GW" nat-traversal keepalive-frequency 5
    set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
    set address "LAN" "192.168.24.0/24" 192.168.24.0 255.255.255.0
    set policy from "Internet" to "LAN" "Dial-Up VPN" "192.168.24.0/24" "ANY" tunnel vpn "Dialup VPN"
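
An added example, not part of the original post: a small Python check that reads ScreenOS `set` lines like the SNMP and dial-up VPN commands above and flags the settings a reviewer would question before deployment (read-write SNMP community, aggressive mode with a preshared key, a short key, DES/3DES or DH group 1/2 proposals, `no-replay`, and a tunnel policy with service ANY). The rule names, the `audit` function and the 20-character key threshold are assumptions chosen for illustration.

```python
import shlex

# Constructed sample: CLI lines from this page, retyped with straight quotes.
SAMPLE_CONFIG = """\
set snmp community "FW-Comm" Read-Write Trap-on traffic version v2c
set snmp host "FW-Comm" 192.168.1.100/32 trap v2
set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set policy from "Internet" to "LAN" "Dial-Up VPN" "192.168.24.0/24" "ANY" tunnel vpn "Dialup VPN"
"""

MIN_PSK_LEN = 20  # assumed local policy value, not a ScreenOS limit
LEGACY_PARTS = {"des", "3des", "md5", "g1", "g2"}  # weak cipher, hash, DH groups


def audit(config):
    """Return sorted (line_no, rule_id) pairs for risky ScreenOS settings."""
    hits = set()
    for no, raw in enumerate(config.splitlines(), 1):
        # Typographic quotes copied from a web page are not valid CLI quoting.
        line = raw.translate({0x201C: '"', 0x201D: '"'})
        try:
            tok = shlex.split(line)
        except ValueError:
            hits.add((no, "UNBALANCED-QUOTES"))
            continue
        low = [t.lower() for t in tok]
        if low[:3] == ["set", "snmp", "community"] and "read-write" in low:
            hits.add((no, "SNMP-READ-WRITE"))  # SET access behind a cleartext string
        if low[:3] == ["set", "ike", "gateway"] and "preshare" in low:
            if "aggr" in low or "aggressive" in low:
                hits.add((no, "IKE-AGGRESSIVE-PSK"))  # key open to offline guessing
            i = low.index("preshare") + 1
            if i < len(tok) and len(tok[i]) < MIN_PSK_LEN:
                hits.add((no, "IKE-SHORT-PSK"))
        if low[:2] == ["set", "vpn"] and "no-replay" in low:
            hits.add((no, "VPN-NO-REPLAY"))  # anti-replay check disabled
        if low[:2] in (["set", "ike"], ["set", "vpn"]) and "proposal" in low:
            for name in low[low.index("proposal") + 1:]:
                if LEGACY_PARTS & set(name.split("-")):
                    hits.add((no, "LEGACY-PROPOSAL"))
        if low[:2] == ["set", "policy"] and "tunnel" in low and "to" in low:
            svc = low[low.index("to") + 4:][:1]  # zone, source, destination, service
            if svc == ["any"]:
                hits.add((no, "TUNNEL-SERVICE-ANY"))
    return sorted(hits)


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Each finding maps to one setting in the commands above, so the same list doubles as a review checklist for the web interface steps.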