Configure Vpn Ipsec In Netscreen Device - ITPortal - Latest Tech News

Configure Vpn Ipsec In Netscreen Device

In this post, we describe how to configure a client-to-site IPsec VPN on a NetScreen device.

The device version is 6.3.x.

The remote user will connect to the internal network 192.168.24.0/24.

 

Network topology

Configuring Dial UP VPN Using the Web User Interface

First, we need to create a dial-up user account.


Click Objects => Users => Local => New

Create Dial UP user

Now we will create a dial-up VPN group.

Click Objects => Users => Local Groups => New

Group Name: VPNGroup

Select the user you want to add and then click OK.

Create VPN Dial UP Group

Create the phase 1 IKE Gateways:

Click VPNs => Autokey Advanced => Gateway => New

Gateway Name: DialUP-GW, and select Remote Gateway => Dialup User Group (VPNGroup) => Advanced: Preshared Key: netscreen

Outgoing interface: ethernet0/0 (the interface used for the Internet connection)

Security Level: User Defined, select Custom, and select Phase 1 Proposal: pre-g2-3des-sha

Mode (Initiator): Aggressive, and enable NAT-Traversal

Click Return and OK

Creating VPN Phase 1

Phase 1 advanced parameters


After creating Phase 1, we need to create the Phase 2 negotiation.

Click VPNs => Autokey IKE

Click New

VPN Name: VPNDialup

Select Remote Gateway Predefined DialUP-GW.

Creating VPN Phase 2


 

Then click Advanced, Security Level => User Defined and select g2-esp-3des-sha

Click Return and then OK

Phase 2 Advanced parameters


Now we need to create Dial UP VPN Policy:

Click Policy => Policies => Click New

Select from

Source Address: Address Book: Select Dial-Up VPN


Destination Address: Click New Address: 192.168.24.0/24

Service: Any

Action: Tunnel

Tunnel: Dialup VPN

Click Position at Top

Click OK

Configuring Dial UP VPN Using the CLI

    set user "User1" ike-id u-fqdn "user1@seyfi.org" share-limit 1
    set user "User1" type ike
    set user "User1" "enable"
    set user-group "VPNGroup" id 1
    set user-group "VPNGroup" user "User1"
    set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
    set ike gateway "Dialup GW" nat-traversal keepalive-frequency 5
    set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
    set address "LAN" "192.168.24.0/24" 192.168.24.0 255.255.255.0
    set policy from "Internet" to "LAN" "Dial-Up VPN" "192.168.24.0/24" "ANY" tunnel vpn "Dialup VPN"
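
A small Python check, added here as an example and not part of the original post, that reads the set lines from the CLI section and lists the settings a reviewer would want to revisit before production use: aggressive mode with a pre-shared key, a short key, 3DES and DH group 2 proposals, disabled anti-replay, and a tunnel policy open to any service. The audit function, the WEAK_PARTS table and the 20-character key threshold are assumptions of this example, and it expects the configuration as typed at the CLI.

```python
import shlex

# Constructed input: the gateway, VPN and policy lines from the CLI section above.
SAMPLE = """\
set ike gateway "Dialup GW" dialup "VPNGroup" Aggr outgoing-interface "ethernet0/0" preshare netscreen proposal "pre-g2-3des-sha"
set ike gateway "Dialup GW" nat-traversal keepalive-frequency 5
set vpn "Dialup VPN" gateway "Dialup GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set policy from "Internet" to "LAN" "Dial-Up VPN" "192.168.24.0/24" "ANY" tunnel vpn "Dialup VPN"
"""

# Fragments of ScreenOS proposal names and why a reviewer would question them.
WEAK_PARTS = {"des": "legacy cipher", "3des": "legacy cipher", "md5": "weak hash",
              "g1": "weak DH group", "g2": "weak DH group", "nopfs": "no PFS"}
MIN_PSK_LEN = 20  # assumed review threshold; the key is assumed to appear as typed


def proposal_findings(tok):
    """Findings for every proposal name listed after the 'proposal' keyword."""
    names = tok[tok.index("proposal") + 1:] if "proposal" in tok else []
    return [f"{WEAK_PARTS[p]} in proposal {name}"
            for name in names for p in name.lower().split("-") if p in WEAK_PARTS]


def audit(config):
    """Return (line_number, finding) pairs for the 'set' lines in config."""
    out = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = shlex.split(line)
        if tok[:3] == ["set", "ike", "gateway"]:
            if "preshare" in tok:
                if "Aggr" in tok:
                    out.append((n, "aggressive mode with a pre-shared key"))
                if len(tok[tok.index("preshare") + 1]) < MIN_PSK_LEN:
                    out.append((n, f"pre-shared key shorter than {MIN_PSK_LEN} characters"))
            out += [(n, f) for f in proposal_findings(tok)]
        elif tok[:2] == ["set", "vpn"]:
            if "no-replay" in tok:
                out.append((n, "anti-replay protection disabled"))
            out += [(n, f) for f in proposal_findings(tok)]
        elif tok[:2] == ["set", "policy"] and "from" in tok:
            i = tok.index("from")  # policy: from zone to zone src dst service action
            if tok[i + 6:i + 8] == ["ANY", "tunnel"]:
                out.append((n, "tunnel policy allows service ANY"))
    return out


if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"line {n}: {finding}")
```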
