Configuring a Gateway for Site B

To configure a gateway for site B, perform the following steps:

Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI

From the Juniper firewall menu, click VPNs, select AutoKey Advanced, and then click Gateway.

From the Gateway selection screen, click New.

From the Gateway Name text box, enter a gateway name.

For this example, we entered Site A GW.

From Security Level, click to select Custom.

From Remote Gateway Type, click to select StaticIP Address, and then in the IP Address text box, enter site A's untrust IP address.

For this example, we entered 1.1.1.1.

In the Preshared Key text box, enter a Preshared Key.

The pre-shared keys on Juniper firewall device A and Juniper firewall device B must be identical.

From the Local ID text box, enter a local ID.

For this example, we entered siteb.netscreen.com.

From the Outgoing Interface drop-down menu, click to select the interface from which you connect to the Internet.

For this example, we selected ethernet3.

Click Advanced.

From the Phase 1 Proposal drop-down menu, click to choose a phase 1 proposal.

Your Juniper firewall supports up to four proposals for Phase 1 negotiations, allowing you to define how restrictive a range of security parameters for key negotiation you will accept.

For this example, we selected pre-g2-3des-sha.

From Mode (Initiator), click to select Aggressive.

Click Return.

Click OK.

Troubleshooting