23 Jul Configure VPN IPSEC in netscreen device
In this post, we will describe how to configure Ipsec VPN (Client-to-Site) in netscreen device.
The device version is 6.3.x.
The remote user will connect to the internal network 192.168.24.0/24
Configuring Dial UP VPN Using Web User interface
First we need to create Dial User-account.
Create Dial UP user
Now we will create a dial UP VPN Group
Click ObjectsUsersLocal GroupsNew
Select the user desires to add and then click OK.
Create the phase 1 IKE Gateways:
Click VPNsAutokey AdvancedGatewayNew
Gateway Name: DialUP-GW and select Remote GatewayDialup User Group (VPNGroup) Advanced: Preshared Key; netscreen
Outgoing interface:ethernet0/0 (Interface that is used for internet connection)
Security Level, Userdefined, Select Custom and Select Phase1 Proposal:pre-g2-2des-sha
Mode (initiator):Aggressive and Enable Nat-Traversal
Click Return and OK
After creating the Phase 1, we need to create Phase2 negociation
Click VPNsAutokey IKE
VPN Name: VPNDialup
Select Remote Gateway Predefined DialUP-GW.
Then click Advanced, Security Level User Defined and select g2-esp-3des-sha
Click Return and then OK
Now we need to create Dial UP VPN Policy:
Click Policy Policies Click New
Source Address: Address Book: Select Dial-Up VPN
Destination Address: Click New Address: 192.168.24.0/24
Tunnel: Dialup VPN
Click Position at Top
Configuring DialUp vpn using CLI
set user “User1” ike-id u-fqdn “email@example.com” share-limit 1
set user “User1” type ike
set user “User1” “enable”
set user-group “VPNGroup” id 1
set user-group “VPNGroup” user “User1”
set ike gateway “Dialup GW” dialup “VPNGroup” Aggr outgoing-interface “ethernet0/0” preshare netscreen proposal “pre-g2-3des-sha”
set ike gateway “Dialup GW” nat-traversal keepalive-frequency 5
set vpn “Dialup VPN” gateway “Dialup GW” no-replay tunnel idletime 0 proposal “g2-esp-3des-sha”
set address “LAN” “192.168.24.0/24” 192.168.24.0 255.255.255.0
set policy from “Internet” to “LAN” “Dial-Up VPN” “192.168.24.0/24” “ANY” tunnel vpn “Dialup VPN”