Configuring a Gateway for Site A

To configure a gateway for site A, perform the following steps:

Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI

From the NetScreen options menu, click VPNs, select AutoKey Advanced, and then click Gateway.

From the Gateway selection screen, click New.

From the Gateway Name text box, enter a gateway name.

For this example, we entered Site B GW.

From Security Level, click to select Custom.

From Remote Gateway Type, click to select DynamicIP Address, and then in the Peer ID text box, enter the Local ID that will be entered on the Site B NetScreen.

For this example, we entered siteb.netscreen.com.

The Peer ID must match the Local ID on the Site B NetScreen.

In the Preshared Key text box, enter a Preshared Key.

The pre-shared keys on Juniper firewall device A and Juniper firewall device B must be identical.

From the Outgoing Interface drop-down menu, click to choose the interface from which you connect to the Internet.

For this example, we selected ethernet3.

Click Advanced.

From the Phase 1 Proposal drop-down menu, click to choose a phase 1 proposal.

Your Juniper firewall supports up to four proposals for Phase 1 negotiations, allowing you to define how restrictive a range of security parameters for key negotiation you will accept.

For this example, we selected pre-g2-3des-sha.

From Mode (Initiator), click to select Aggressive.

Click Return.

Click OK.

Troubleshooting