Configure IPsec VPN on a NetScreen Firewall

by admin

In this post, we will describe how to configure an IPsec VPN (client-to-site, i.e. dial-up) on a NetScreen device.

The device runs ScreenOS version 6.3.x.

The remote user will connect to the internal network 192.168.24.0/24.

Configuring Dial-Up VPN Using the Web User Interface

First we need to create the dial-up user account.

Click Objects → Users → Local → New


Now we will create a dial-up VPN user group.

Click Objects → Users → Local Groups → New

Group Name: VPNGroup

Select the users you want to add, then click OK.

(Figure: Create VPN Dial-Up Group)

Create the Phase 1 IKE gateway:

Click VPNs → Autokey Advanced → Gateway → New

Gateway Name: DialUP-GW. Under Remote Gateway, select Dialup User Group (VPNGroup). Click Advanced and set Preshared Key: netscreen (a placeholder value; use a long random key in practice).

Outgoing Interface: ethernet0/0 (the interface used for the Internet connection)

Security Level: User Defined, select Custom and choose Phase 1 Proposal: pre-g2-3des-sha

Mode (Initiator): Aggressive, and enable NAT-Traversal. Aggressive mode is what allows a dial-up peer with a dynamic address to identify itself by FQDN, but note that it sends the IKE identity in the clear.

Click Return and OK

(Figure: Creating VPN Phase 1)
(Figure: Phase 1 Advanced parameters)

After creating Phase 1, we need to create the Phase 2 negotiation.

Click VPNs → Autokey IKE

Click New

VPN Name: VPNDialup

Select Remote Gateway: Predefined, DialUP-GW.

(Figure: Creating VPN Phase 2)

Then click Advanced, set Security Level → User Defined and select g2-esp-3des-sha.

Click Return and then OK

Now we need to create the dial-up VPN policy:

Click Policy → Policies → Click New

Select the From and To zones (the Internet-facing zone to the LAN zone; the CLI example below uses "Internet" and "LAN").

Source Address: Address Book: Select Dial-Up VPN

Destination Address: Click New Address: 192.168.24.0/24

Service: Any

Action: Tunnel

Tunnel: Dialup VPN

Click Position at Top

Click OK

Configuring Dial-Up VPN Using the CLI

The same configuration entered from the CLI. Straight quotes are required; the e-mail IKE identity below is shown as it appears in the original post.

Create the IKE user and the user group:

    set user "User1" ike-id u-fqdn "[email protected]" share-limit 1
    set user "User1" type ike
    set user "User1" "enable"
    set user-group "VPNGroup" id 1
    set user-group "VPNGroup" user "User1"

Phase 1 gateway (aggressive mode, NAT-Traversal with keepalives every 5 seconds; replace the preshared key "netscreen" with a strong one):

    set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
    set ike gateway "Dialup GW" nat-traversal keepalive-frequency 5

Phase 2 VPN. Note that no-replay disables ESP anti-replay checking; drop that keyword unless a client actually needs it:

    set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"

Address object and the tunnel policy, placed at the top of the policy list (the equivalent of "Position at Top" in the web UI):

    set address "LAN" "192.168.24.0/24" 192.168.24.0 255.255.255.0
    set policy top from "Internet" to "LAN" "Dial-Up VPN" "192.168.24.0/24" "ANY" tunnel vpn "Dialup VPN"
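The settings above (aggressive mode, 3DES, DH group 2, no-replay) are exactly what a reviewer would flag on a ScreenOS dial-up VPN today. The following Python script is an added example, not part of the original post: it scans ScreenOS "set ike gateway" and "set vpn" lines for those weak settings, using the post's own CLI lines (with a placeholder e-mail IKE ID) as constructed sample input.

```python
import re

# Constructed sample input: the dial-up VPN lines from this post.
# The u-fqdn IKE identity is a placeholder, not a real address.
SAMPLE_CONFIG = """
set user "User1" ike-id u-fqdn "user1@example.invalid" share-limit 1
set user "User1" type ike
set user "User1" "enable"
set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
set ike gateway "Dialup GW" nat-traversal keepalive-frequency 5
set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
"""

# Proposal-name tokens (as used in ScreenOS predefined proposal names) that
# fall below current guidance, with the reason to report.
WEAK_TOKENS = {
    "des": "single DES",
    "3des": "3DES (deprecated 64-bit block cipher)",
    "md5": "MD5 integrity",
    "g1": "DH group 1 (768-bit MODP)",
    "g2": "DH group 2 (1024-bit MODP, below current guidance)",
}


def audit_screenos_vpn(config: str) -> list[tuple[str, str]]:
    """Return (object name, issue) pairs for weak dial-up VPN settings."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r'set (ike gateway|vpn) "([^"]+)"', line)
        if not m:
            continue  # users, groups, addresses, policies are not audited here
        kind, name = m.groups()
        # "Aggr" / "aggressive": IKE identity and PSK-derived hash travel unencrypted
        if kind == "ike gateway" and re.search(r"\baggr\w*\b", line, re.I):
            findings.append((name, "aggressive mode: IKE identity and PSK hash sent unencrypted"))
        # "no-replay" switches off ESP sequence-number replay checking
        if kind == "vpn" and " no-replay" in line:
            findings.append((name, "no-replay: ESP anti-replay protection disabled"))
        prop = re.search(r'proposal "([^"]+)"', line)
        if prop:
            for tok in prop.group(1).split("-"):
                if tok in WEAK_TOKENS:
                    findings.append((name, f'proposal "{prop.group(1)}" uses {WEAK_TOKENS[tok]}'))
    return findings


if __name__ == "__main__":
    for obj, issue in audit_screenos_vpn(SAMPLE_CONFIG):
        print(f"{obj}: {issue}")
```

Run against a saved `get config` output to list every gateway and VPN that still negotiates these parameters.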
