Configure SNMP in Juniper Firewall

In this post, we describe how to configure SNMP on a Juniper firewall.

First we need to create the community. It will be named FW-Comm.

Enter configuration mode, then type:

    set snmp community FW-Comm authorization read-only

After defining the community, we need to define the client IP address:

    set snmp community FW-Comm clients 192.168.1.100/32

Configure IPsec VPN on a NetScreen device

In this post, we describe how to configure an IPsec VPN (client-to-site) on a NetScreen device.

The device version is 6.3.x.

The remote user will connect to the internal network 192.168.24.0/24

Configuring Dial UP VPN Using Web User interface

First we need to create a dial-up user account.

Click Objects → Users → Local → New

Create Dial UP user

Now we will create a dial-up VPN group.

Click Objects → Users → Local Groups → New

Group Name: VPNGroup

Select the user you want to add, then click OK.

Create VPN Dial UP Group

Create the Phase 1 IKE gateway:

Click VPNs → Autokey Advanced → Gateway → New

Gateway Name: DialUP-GW and select Remote Gateway → Dialup User Group (VPNGroup) → Advanced: Preshared Key; netscreen

Outgoing interface: ethernet0/0 (the interface used for the internet connection)

Security Level: User Defined, select Custom and select Phase 1 Proposal: pre-g2-3des-sha

Mode (Initiator): Aggressive, and enable NAT-Traversal

Click Return and OK

Creating VPN Phase 1
Phase 1 advanced parameters

After creating Phase 1, we need to create the Phase 2 negotiation.

Click VPNs → Autokey IKE

Click New

VPN Name: VPNDialup

Select Remote Gateway Predefined DialUP-GW.

Creating VPN Phase 2

Then click Advanced, Security Level → User Defined and select g2-esp-3des-sha

Click Return and then OK

Phase 2 Advanced parameters

Now we need to create Dial UP VPN Policy:

Click Policy → Policies → New

Select from

Source Address: Address Book: Select Dial-Up VPN

Destination Address: Click New Address: 192.168.24.0/24

Service: Any

Action: Tunnel

Tunnel: Dialup VPN

Click Position at Top

Click OK

Configuring DialUp vpn using CLI

 

    set user "User1" ike-id u-fqdn "user1@seyfi.org" share-limit 1
    set user "User1" type ike
    set user "User1" "enable"
    set user-group "VPNGroup" id 1
    set user-group "VPNGroup" user "User1"
    set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
    set ike gateway "Dialup GW" nat-traversal keepalive-frequency 5
    set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
    set address "LAN" "192.168.24.0/24" 192.168.24.0 255.255.255.0
    set policy from "Internet" to "LAN" "Dial-Up VPN" "192.168.24.0/24" "ANY" tunnel vpn "Dialup VPN"
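
The following is an added example, not part of the original post and not a Juniper tool: a small Python check that reads ScreenOS set commands like the ones above and lists the VPN settings worth reviewing before deployment (aggressive mode with a pre-shared key, a short key, disabled anti-replay, legacy proposals, a tunnel policy open to any service). The 20-character key minimum and the legacy keyword patterns are assumptions made for this example.

```python
import re
import shlex

# Constructed sample: the VPN commands from this post, with the curly quotes a web page often substitutes.
SAMPLE_CONFIG = """\
set ike gateway “Dialup GW” dialup “VPNGroup” Aggr outgoing-interface “ethernet0/0” preshare netscreen proposal “pre-g2-3des-sha”
set ike gateway “Dialup GW” nat-traversal keepalive-frequency 5
set vpn “Dialup VPN” gateway “Dialup GW” no-replay tunnel idletime 0 proposal “g2-esp-3des-sha”
set policy from “Internet” to “LAN” “Dial-Up VPN” “192.168.24.0/24” “ANY” tunnel vpn “Dialup VPN”
"""
MIN_PSK_LEN = 20  # assumed local policy; only meaningful for keys typed in plaintext
LEGACY = {r"(^|-)g[12](-|$)": "DH group 1/2", r"(^|-)3?des(-|$)": "DES/3DES", r"(^|-)md5(-|$)": "MD5"}

def proposal_findings(tokens):
    """Findings for the proposal names that follow the 'proposal' keyword."""
    names = tokens[tokens.index("proposal") + 1:] if "proposal" in tokens else []
    return [f"legacy {label} in proposal {n}" for n in names
            for pat, label in LEGACY.items() if re.search(pat, n)]

def audit_screenos(config):
    """Return (line_number, object_name, finding) for each setting to review."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        # Normalise curly quotes so quoted names such as "Dialup GW" stay one token.
        tok = shlex.split(raw.replace("“", '"').replace("”", '"'))
        found, name = [], None
        if len(tok) < 4 or tok[0] != "set":
            continue
        if tok[1:3] == ["ike", "gateway"]:
            name, rest = tok[3], tok[4:]
            psk = rest[rest.index("preshare") + 1:] if "preshare" in rest else []
            if psk and any(t.lower() in ("aggr", "aggressive") for t in rest):
                found.append("aggressive mode with pre-shared key")
            if psk and len(psk[0]) < MIN_PSK_LEN:
                found.append("pre-shared key shorter than policy minimum")
            found += proposal_findings(rest)
        elif tok[1] == "vpn":
            name, rest = tok[2], tok[3:]
            if "no-replay" in rest:
                found.append("anti-replay protection disabled")
            found += proposal_findings(rest)
        elif tok[1] == "policy" and "tunnel" in tok and "to" in tok:
            # Token order after "to": zone, source, destination, service.
            name, service = tok[-1], tok[tok.index("to") + 4]
            if service.upper() == "ANY":
                found.append("tunnel policy permits service ANY")
        findings += [(lineno, name, f) for f in found]
    return findings

if __name__ == "__main__":
    print(*audit_screenos(SAMPLE_CONFIG), sep="\n")
```

The key itself is never printed, only the fact that it falls below the assumed minimum length.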