KB Home KB Home Back to all Knowledge Base Browse Knowledge Base Categories Printer Friendly Version Printer Friendly

Configure NetScreen-Remote Using Pre-shared Secrets
Knowledge Base ID: KB4091
Version: 4.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: . Firewall/IPSec_VPN
. IPSec
. NS_Remote_Security
. NS_Remote_VPN_Client
. ScreenOS

Synopsis:
Configure NetScreen-Remote Using Pre-shared Secrets

Solution:
Note: This article applies to NetScreen-Remote VPN Client 8.0 and above.

To log into the VPN with NetScreen-Remote using pre-shared secrets, perform the following steps:


Step one: From the Start menu, click Programs, click NetScreen-Remote, and then click Security Policy Editor.

Image of step one

Step two: From the Security Policy Editor dialog box, click the Add a new connection icon.

Image of step two

Step three: Click New Connection.

Image of step three

Step four: From Remote Party Identity and Addressing, in the ID Type drop-down menu, click to choose either IP Address, or IP Subnet.

Note: For this example, we chose IP Subnet.

Image of step four

Step five: Enter the destination Subnet and Mask.

Note: For this example, we entered a Subnet of 192.168.1.0 with a Mask of 255.255.255.0.

Image of step five

Step six: Click Connect using.

Image of step six and seven

Step seven: From the ID Type drop-down menu, select IP Address, and then enter the remote gateway IP address.

Note: For this example, we entered 1.1.1.1.

Step eight: Expand the New Connection icon.

Image of step eight

Step nine: Click Security Policy, and then click to select Aggressive Mode.

Image of step nine

Step ten: Click to select My Identity.

Image of step ten

Step eleven: From My Identity, in the Select Certificate drop-down menu, click to select None.

Image of step eleven

Step twelve: From the ID Type drop-down menu, click to select E-mail Address, and then enter your IKE Identity.

Note: For this example, we entered vpnuser@abc.com.

Image of step twelve

Step thirteen: Click Pre-Shared Key.

Image of step thirteen

Step fourteen: From the Pre-Shared Key dialog box, click Enter Key, and then enter your Pre-Shared key.

Image of step fourteen and fifteen

Step fifteen: Click OK.

Step sixteen: Expand Security Policy, expand Authentication (Phase 1), and then click Proposal 1.

Image of step sixteen

Step seventeen: From Encryption and Data Integrity Algorithms, click to select your Encrypt Alg, Hash Alg, and Key Group.

Note: For this example, we chose the default values of DES, SHA-1, and Diffie-Hellman Group 1.

Image of step seventeen

Step eighteen: Expand Key Exchange (Phase 2), and click Proposal 1.

Image of step eighteen

Step nineteen: From Encapsulation Protocol (ESP), select your Encrypt Alg and Hash Alg.

Note: For this example, we chose the default values of DES and SHA-1.

Image of step nineteen

Step twenty: Click File, and then click Save.

Image of step twenty

Note: After the NetScreen-Remote client has been configured, you can make the IKE VPN negotiate by sending traffic through the VPN. In this example, we have sent a ping to 192.168.1.10 (an IP Address on the Trust side of the Juniper Firewall) from the client. After 3 or 4 pings, the VPN should be established.

Image of note


Purpose:
Troubleshooting

ASK THE KB
Question or KB ID:



RELATED TOPICS