Configuring an IPSec Security Gateway for the Local Site

To configure an IPSec Security Gateway for the local site, perform the following steps:

Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI

From the Juniper firewall menu, click VPNs, select AutoKey Advanced, and then click Gateway.

From the Gateway Name text box, enter a gateway name.

For this example, we entered vpngateway1.

From Security Level, click to select Custom.

From Remote Gateway Type, click to select Static IP Address, and then in the IP Address text box, enter the remote gateway IP address.

For this example, we entered 2.2.2.1.

In the Preshared Key text box, enter a Preshared Key.

The pre-shared keys on Juniper firewall device A and Juniper firewall device B must be identical.

From the Outgoing Interface drop-down menu, click to choose your internet interface.

For this example, we selected ethernet3.

Click Advanced.

From the Phase 1 Proposal drop-down menu, click to choose a phase 1 proposal.

Your Juniper firewall supports up to four proposals for Phase 1 negotiations, allowing you to define how restrictive a range of security parameters for key negotiation you will accept.

For this example, we selected pre-g2-des-sha.

Click Return.

Click OK.

Troubleshooting