
Configure IPsec VPN on a NetScreen device

In this post, we describe how to configure a client-to-site IPsec VPN on a NetScreen device.

The device version is 6.3.x.

The remote user will connect to the internal network 192.168.24.0/24.

Configuring Dial-Up VPN Using the Web User Interface

First, we need to create a dial-up user account.

Click Objects > Users > Local > New

Create Dial UP user

Now we will create a dial-up VPN group.

Click Objects > Users > Local Groups > New

Group Name: VPNGroup

Select the user you want to add and then click OK.

Create VPN Dial UP Group

Create the phase 1 IKE Gateways:

Click VPNs > Autokey Advanced > Gateway > New

Gateway Name: DialUP-GW, and select Remote Gateway > Dialup User Group (VPNGroup). Advanced: Preshared Key: netscreen

Outgoing interface: ethernet0/0 (the interface used for the internet connection)

Security Level: User Defined, select Custom, and select Phase 1 Proposal: pre-g2-3des-sha

Mode (Initiator): Aggressive, and enable NAT-Traversal

Click Return and then OK

Creating VPN Phase 1

Phase 1 advanced parameters

After creating Phase 1, we need to create the Phase 2 negotiation.

Click VPNs > Autokey IKE

Click New

VPN Name: VPNDialup

Select Remote Gateway: Predefined, DialUP-GW.

Creating VPN Phase 2

Then click Advanced, set Security Level to User Defined, and select g2-esp-3des-sha

Click Return and then OK

Phase 2 Advanced parameters

Now we need to create Dial UP VPN Policy:

Click Policy > Policies, then click New

Select from

Source Address: Address Book: Select Dial-Up VPN

Destination Address: Click New Address: 192.168.24.0/24

Service: Any

Action: Tunnel

Tunnel: Dialup VPN

Click Position at Top

Click OK

Configuring Dial-Up VPN Using the CLI

    set user "User1" ike-id u-fqdn "user1@seyfi.org" share-limit 1
    set user "User1" type ike
    set user "User1" "enable"
    set user-group "VPNGroup" id 1
    set user-group "VPNGroup" user "User1"
    set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
    set ike gateway "Dialup GW" nat-traversal keepalive-frequency 5
    set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
    set address "LAN" "192.168.24.0/24" 192.168.24.0 255.255.255.0
    set policy from "Internet" to "LAN" "Dial-Up VPN" "192.168.24.0/24" "ANY" tunnel vpn "Dialup VPN"
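
The following Python audit is an added example, not part of the original post or of ScreenOS. It reads `set` lines like the ones in the CLI section and flags what a reviewer would question before deployment: Aggressive mode with a preshared key (a hash derived from the key is exposed to offline guessing), a short key, DH group 2 and 3DES proposals, `no-replay`, and a tunnel policy open to service ANY. The names `audit`, `weak_proposals`, `MIN_PSK_LEN` and `WEAK_PARTS` are illustrative, and the threshold and weak-algorithm list are assumptions to adapt to local policy.

```python
import shlex

# Constructed sample: the gateway, VPN and policy lines from the CLI section of this page.
SAMPLE = '''
set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
set ike gateway "Dialup GW" nat-traversal keepalive-frequency 5
set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set policy from "Internet" to "LAN" "Dial-Up VPN" "192.168.24.0/24" "ANY" tunnel vpn "Dialup VPN"
'''
MIN_PSK_LEN = 20  # assumption: a local policy threshold, not a ScreenOS limit
WEAK_PARTS = {"g1": "DH group 1", "g2": "DH group 2", "des": "DES", "3des": "3DES", "md5": "MD5"}

def weak_proposals(tokens):
    """Yield a finding for each weak component in the names after 'proposal'."""
    if "proposal" in tokens:
        for name in tokens[tokens.index("proposal") + 1:]:
            for part in name.lower().split("-"):
                if part in WEAK_PARTS:
                    yield f"proposal {name} uses {WEAK_PARTS[part]}"

def audit(config):
    """Return sorted (object name, finding) pairs for a ScreenOS 'set' config."""
    config = config.translate({0x201C: '"', 0x201D: '"'})  # typographic quotes from web copies
    found = set()
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:3] == ["set", "ike", "gateway"]:
            name, rest = tok[3], tok[4:]
            if "preshare" in rest:
                psk = rest[rest.index("preshare") + 1]
                if "Aggr" in rest:
                    found.add((name, "aggressive mode with a preshared key"))
                if len(psk) < MIN_PSK_LEN:
                    found.add((name, f"preshared key shorter than {MIN_PSK_LEN} characters"))
            found.update((name, f) for f in weak_proposals(rest))
        elif tok[:2] == ["set", "vpn"]:
            name, rest = tok[2], tok[3:]
            if "no-replay" in rest:
                found.add((name, "anti-replay protection disabled"))
            found.update((name, f) for f in weak_proposals(rest))
        elif tok[:2] == ["set", "policy"] and {"from", "tunnel", "vpn"} <= set(tok):
            service = tok[tok.index("from") + 6]  # from, zone, to, zone, src, dst, service
            if service.upper() == "ANY":
                found.add((tok[tok.index("vpn") + 1], "tunnel policy allows service ANY"))
    return sorted(found)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Run against the sample, it reports eight findings across the "Dialup GW" gateway and the "Dialup VPN" tunnel.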
