KB Home KB Home Back to all Knowledge Base Browse Knowledge Base Categories Printer Friendly Version Printer Friendly

Configuring Phase 2 Proposals
Knowledge Base ID: KB4116
Version: 4.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: . Firewall/IPSec_VPN
. IPSec
. ScreenOS

Synopsis:
Configuring Phase 2 Proposals

Solution:

To configure phase 2 proposals, perform the following steps:

Step one: Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI

Step two: From the Juniper Firewall menu, click VPNs, and then click AutoKey IKE.

Image of step two

Step three: From the AutoKey IKE page, click New.

Image of step three

Step four: In the VPN Name text box, enter a VPN Name.

Note: For this example, we entered dialupvpn1.

Image of step four and five

Step five: From Security Level, click to select Custom.

Step six: From Remote Gateway, in the Predefined drop-down menu, click to select your predefined gateway. For more information about configuring predefined gateways, go to Configuring Phase 1 Proposals.

Note: For this example, we selected vpngateway1.

Image of step six

Step seven: Click Advanced.

Image of step seven

Step eight: From the Phase 2 Proposal drop-down menu, click to select a Phase 2 Proposal.

Note: Your Juniper Firewall supports up to four proposals for Phase 2 negotiations, allowing you to define how restrictive a range of security parameters for key negotiation you will accept.

Note: For this example, we chose one proposal, and selected nopfs-esp-des-sha.

Image of step eight

Step nine: Click Return.

Image of step nine

Step ten: Click OK.

Image of step ten

Purpose:
Troubleshooting

ASK THE KB
Question or KB ID:



RELATED TOPICS