Configuring your Juniper firewall NS-5XP/5XT/5GT for a Route Based LAN to LAN VPN When Both Sides have Static IPs using Pre-shared Keys
| Knowledge Base ID: | KB4177 |
| Version: | 4.0 |
| Published: | 07 Oct 2008 |
| Updated: | 07 Oct 2008 |
| Categories: |
 Firewall/IPSec_VPN IPSec ScreenOS |
Configuring your Juniper firewall NS-5XP/5XT/5GT for a Route Based LAN to LAN VPN When Both Sides have Static IPs using Pre-shared Keys
Solution:This example assumes that the pre-shared secret used is netscreen. The lists below will show the proposals we will use for this example:
Site A
- Untrust IP of device 1.1.1.1
- Trust Network 10.1.1.0/24
- Phase 1 Proposal pre-g2-3des-sha
- Phase 2 Proposal g2-esp-3des-sha
Site B
- Untrust IP of device 2.2.2.1
- Trust Network 176.16.10.0/24
- Phase 1 Proposal pre-g2-3des-sha
- Phase 2 Proposal g2-esp-3des-sha
To configure your Juniper firewall NS-5XP/5XT/5GT for a route based LAN to LAN VPN when both sides have static IPs using pre-shared keys, perform the following steps:
Configure Site A. For more information, go to Configuring your Juniper firewall NS-5XP/5XT Site A for a Route Based LAN to LAN VPN When Both Sides Have Static IPs using Pre-shared Keys.
Configure Site B. For more information, go to Configuring your Juniper firewall NS-5XP/5XT/5GT Site B for a Route Based LAN to LAN VPN When Both Sides Have Static IPs using Pre-shared Keys.
Configuration
