Configuring Your Juniper Firewall Site B for a Route Based LAN to LAN VPN When Both Sides Have Static IPs Using Pre-shared Keys
To configure your Juniper Firewall Site B for a Route Based LAN to LAN VPN when both sides have static IPs using Pre-shared Keys, perform the following steps:

Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI.

From the Juniper firewall menu, click Network, and then click Interfaces.


Click New.


From the Tunnel Interface Name text box, enter a tunnel name.

For this example, we have entered 2.


From the Zone drop-down menu, click to select a Zone.

For this example, we have selected Untrust (trust-vr).

Click to select Unnumbered. From the Interface drop-down menu, click to select an Interface.

For this example, we have selected ethernet (trust-vr).


Click OK.

From the Juniper Firewall menu, click VPNs, select AutoKey Advanced, and then click Gateway.


Click New.


From the Gateway Name text box, enter a Gateway Name.

For this example, we have entered Site A GW.


From Security Level, click to select Custom.

From Remote Gateway Type, click to select Static IP Address, and then enter an IP Address/Hostname.

For this example, we have entered 1.1.1.1.


From the Preshared Key text box, enter a Preshared Key.

The pre-shared keys on Juniper Firewall device A and Juniper Firewall device B must be identical.


From the Outgoing Interface drop-down menu, click to choose an Outgoing Interface. Click Advanced.

For this example, we have selected ethernet3 as the Outgoing Interface.

From the Phase 1 Proposal drop-down menu, click to choose a Phase 1 Proposal.

For this example, we have selected pre-g2-3des-sha.


Click to select Mode (Initiator). Click Return.

Click OK.


From the Juniper Firewall menu, click VPNs, and then click AutoKey IKE.


Click New.


From the VPN Name text box, enter a VPN Name. From Security Level, click to select Custom.

For this example, we have entered Site A VPN as the VPN Name.


From Remote Gateway, click to select Predefined. From the Remote Gateway drop-down menu, click to select Site A GW.

Click Advanced.


From the Phase 2 Proposal drop-down menu, click to choose a Phase 2 Proposal.

For this example, we have selected g2-esp-3des-sha.


From Bind to, click to select Tunnel Interface. From the Tunnel Interface drop-down menu, click to select tunnel.2.

Click to select Proxy-ID. In the Local IP/Netmask text box, enter a Local IP/Netmask, and then in the Remote IP/Netmask text box, enter a Remote IP/Netmask.

For this example, we have entered 172.16.10.0/24 for the Local IP/Netmask and 10.1.1.0/24 for the Remote IP/Netmask.


From the Service drop-down menu, click to select ANY. Click Return.

Click OK.


From the Juniper Firewall menu, click Policies.


In the From drop-down menu, click to select Trust. From the To drop-down menu, click to select Untrust.


Click New.

From Source Address, click to select New Address, and then enter a New Address.

For this example, we have entered 172.16.10.0/24.


From Destination Address, click to select New Address, and then enter a New Address.

For this example, we have entered 10.1.1.0/24.

In the Service drop-down menu, click to select ANY. From the Action drop-down menu, click to select Permit.


Click to select Position at Top.


Click OK.


From the Juniper Firewall menu, click Policies.


In the From drop-down menu, click to select Untrust. From the To drop-down menu, click to select Trust.


Click New.

From Source Address, click to select New Address, and then enter a New Address.

For this example, we have entered 10.1.1.0/24.


From Destination Address, click to select New Address, and then enter a New Address.

For this example, we have entered 172.16.10.0/24.

In the Service drop-down menu, click to select ANY. From the Action drop-down menu, click to select Permit.


Click to select Position at Top.


Click OK.


From the Juniper Firewall menu, click Network, select Routing, and then, for 5.2 and below, click Routing Table; for 5.3 and above, click Destination.


Click New.


From Virtual Router Name, in the Network Address/Netmask text boxes, enter a Network Address/Netmask.

For this example, we have entered 10.1.1.0/255.255.255.0.


Click to select Gateway. From the Interface drop-down menu, click to select tunnel.2.

Click OK.
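
The settings above only work if Site A mirrors them, so the following added example (not part of the original article and not a Juniper tool) checks a Site A/Site B pair for mismatched keys, proposals, Proxy-IDs and tunnel routes. The Site B values are the ones entered in this procedure; the Site A values, the key string and the name tunnel.1 are constructed assumptions.

```python
import hmac
from ipaddress import ip_network

# Site B: values entered in the steps above. Site A, both key strings and
# "tunnel.1" are constructed for this example.
SITE_B = {
    "psk": "constructed-example-key",
    "p1": "pre-g2-3des-sha",
    "p2": "g2-esp-3des-sha",
    "proxy_local": "172.16.10.0/24",
    "proxy_remote": "10.1.1.0/24",
    "bind": "tunnel.2",
    "routes": {"10.1.1.0/255.255.255.0": "tunnel.2"},
}
SITE_A = {
    "psk": "constructed-example-key",
    "p1": "pre-g2-3des-sha",
    "p2": "g2-esp-3des-sha",
    "proxy_local": "10.1.1.0/24",
    "proxy_remote": "172.16.10.0/24",
    "bind": "tunnel.1",
    "routes": {"172.16.10.0/255.255.255.0": "tunnel.1"},
}

def check_pair(a, b):
    """Return the mismatches that would stop the tunnel or its traffic."""
    problems = []
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("pre-shared keys differ")
    for key, label in (("p1", "Phase 1"), ("p2", "Phase 2")):
        if a[key] != b[key]:
            problems.append(f"{label} proposals differ: {a[key]} vs {b[key]}")
    # Proxy-IDs must mirror: one side's local is the other side's remote.
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        if ip_network(x["proxy_local"]) != ip_network(y["proxy_remote"]):
            problems.append(f"{nx} local Proxy-ID != {ny} remote Proxy-ID")
    # Each side needs a route to the remote network via its bound tunnel.
    # ip_network() treats /24 and /255.255.255.0 as the same prefix.
    for site, name in ((a, "A"), (b, "B")):
        remote = ip_network(site["proxy_remote"])
        via = {ip_network(n): i for n, i in site["routes"].items()}
        if via.get(remote) != site["bind"]:
            problems.append(f"{name} has no route to {remote} via {site['bind']}")
    return problems

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "Site A and Site B settings mirror each other")
```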
