Configuring a Phase 2 Proposal for the Remote Site
Knowledge Base ID: KB4132
Version: 4.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: Firewall/IPSec_VPN, IPSec, ScreenOS

Synopsis:
Configuring a Phase 2 Proposal for the Remote Site

Solution:

To configure a Phase 2 proposal for the remote site, perform the following steps:

Step one: Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI.

Step two: From the Juniper firewall menu, click VPNs, and then click AutoKey IKE.


Step three: From the AutoKey IKE page, click New.


Step four: In the VPN Name text box, enter a VPN name.

Note: For this example, we entered vpntunnel2.


Step five: From Security Level, click to select Custom.

Step six: From Remote Gateway, in the Predefined drop-down menu, click to select your predefined gateway. For more information about configuring predefined gateways, go to Configuring Phase 1 Proposals.

Note: For this example, we selected vpngateway2.


Step seven: Click Advanced.


Step eight: From the Phase 2 Proposal drop-down menu, click to choose a Phase 2 Proposal.

Note: Your Juniper firewall supports up to four proposals for Phase 2 negotiations, which lets you define how restrictive a range of security parameters you will accept for key negotiation.

Note: For this example, we chose one proposal, and selected nopfs-esp-des-sha (no Perfect Forward Secrecy, ESP, DES encryption, SHA-1 authentication).


Step nine: Click Return.


Step ten: Click OK.
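
Added example (not part of the original article and not Juniper code): a Python script that reads saved ScreenOS configuration text, finds the Phase 2 proposals bound to each AutoKey IKE VPN, and reports weak choices such as the nopfs-esp-des-sha proposal used in the steps above. The `set vpn ... proposal ...` line layout, the sample lines, the name vpntunnel3, and the policy of what counts as weak are assumptions made for this example.

```python
import re

# Assumed grading policy for this example (not from the article):
# DES and MD5 are treated as weak, and a "nopfs" proposal is reported
# because Phase 2 keys are then derived without a new Diffie-Hellman exchange.
WEAK_CIPHERS = {"des"}
WEAK_HASHES = {"md5"}

# Assumed layout of a VPN line in saved configuration text.
VPN_RE = re.compile(r'^set vpn "([^"]+)" gateway "[^"]+".*?\bproposal\s+(.*)$')

def decode_proposal(name):
    """Split a predefined proposal name such as nopfs-esp-des-sha."""
    parts = name.split("-")
    if len(parts) != 4:
        return None  # custom names do not follow the predefined pattern
    pfs, protocol, cipher, auth = parts
    return {"pfs": pfs != "nopfs", "protocol": protocol,
            "cipher": cipher, "auth": auth}

def audit(config_text):
    """Return (vpn, proposal, finding) tuples for every weak setting."""
    findings = []
    for line in config_text.splitlines():
        m = VPN_RE.match(line.strip())
        if not m:
            continue  # not a VPN line, or it uses a security level instead
        vpn, rest = m.groups()
        for prop in re.findall(r'"([^"]+)"', rest):  # up to four per VPN
            fields = decode_proposal(prop)
            if fields is None:
                findings.append((vpn, prop, "custom proposal, review manually"))
                continue
            if not fields["pfs"]:
                findings.append((vpn, prop, "no PFS"))
            if fields["cipher"] in WEAK_CIPHERS:
                findings.append((vpn, prop, "weak cipher: " + fields["cipher"]))
            if fields["auth"] in WEAK_HASHES:
                findings.append((vpn, prop, "weak hash: " + fields["auth"]))
    return findings

# Constructed sample configuration (first line mirrors the article's example).
SAMPLE = '''
set vpn "vpntunnel2" gateway "vpngateway2" no-replay tunnel idletime 0 proposal "nopfs-esp-des-sha"
set vpn "vpntunnel3" gateway "vpngateway2" no-replay tunnel idletime 0 proposal "g2-esp-aes128-sha" "g2-esp-3des-md5"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```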


Purpose:
Troubleshooting