This article applies to ScreenOS 5.0 and above.
To configure an L2TP group gateway and VPN on the Juniper Firewall, perform the following steps:
Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
From the ScreenOS options menu, click VPNs, select AutoKey Advanced, and then click Gateway.


Click New.


From the Edit screen, enter a Gateway Name. From Security Level, click Custom.

For this example, we entered JohnDoeGate.


From Remote Gateway Type, click to select Dialup User Group. From the Group drop-down menu, click to select your group.

For this example, we selected usergroup1.

From the Preshared Key text box, enter a Preshared Key.

For this example, we have entered Password9.


From Outgoing Interface, click to select your external interface. Then click Advanced.

For this example, the public external interface is the untrust interface on a 5GT in trust-untrust mode.


From the Phase 1 Proposal drop-down menu, click to choose a proposal.

For this example, we chose pre-g2-des-sha. When choosing the Phase 1 Proposal, you must select a proposal whose name begins with pre (preshared key).


From Mode (Initiator), click to select Aggressive.

Click Return.


Click OK.


From the ScreenOS options menu, click VPNs, select AutoKey IKE.


Click New.


From VPN Name, enter a VPN Name. Click to select Custom.

For this example, we entered JohnDoeIke.


From the Remote Gateway drop-down menu, click to select a Remote Gateway.

For this example, we chose JohnDoeGate.

Click Advanced.


From User Defined, click to select Custom. From the Phase 2 Proposal drop-down menus, click to choose the Phase 2 Proposal settings.

For this example, we chose nopfs-esp-des-md5, nopfs-esp-3des-md5, nopfs-esp-des-sha, and nopfs-esp-3des-sha.


From Transport Mode, click (For L2TP-over-IPSec only). From Bind to, click None.

Click Return.


Click OK.
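
The proposal names chosen in the steps above encode the authentication method, Diffie-Hellman group, cipher and hash. The following Python sketch is an added example, not Juniper code: it decodes those names and lists the weak parameters in each so the selections can be reviewed before deployment. The naming scheme in the comments and the helper names `parse_proposal` and `review_proposal` are assumptions made for this example.

```python
import re

# Assumed naming scheme of the ScreenOS predefined proposals named on this page:
#   Phase 1: <auth>-g<DH group>-<cipher>-<hash>         e.g. pre-g2-des-sha
#   Phase 2: <nopfs | g<DH group>>-esp-<cipher>-<hash>  e.g. nopfs-esp-3des-md5
PHASE1 = re.compile(
    r"^(?P<auth>pre|rsa|dsa)-g(?P<dh>\d+)-(?P<cipher>[a-z0-9]+)-(?P<hash>md5|sha[\d-]*)$")
PHASE2 = re.compile(
    r"^(?P<pfs>nopfs|g\d+)-esp-(?P<cipher>[a-z0-9]+)-(?P<hash>md5|sha[\d-]*)$")


def parse_proposal(name):
    """Split a proposal name into fields; raise ValueError if it fits neither phase."""
    for phase, pattern in ((1, PHASE1), (2, PHASE2)):
        match = pattern.match(name.strip().lower())
        if match:
            return {"phase": phase, **match.groupdict()}
    raise ValueError(f"unrecognised proposal name: {name!r}")


def review_proposal(name, mode=None):
    """Return the weak-parameter findings for one proposal (hypothetical helper)."""
    p = parse_proposal(name)
    findings = []
    if p["cipher"] == "des":
        findings.append("single DES (56-bit key)")
    if p["hash"] == "md5":
        findings.append("MD5 integrity hash")
    if p["phase"] == 1:
        if int(p["dh"]) <= 2:
            findings.append(f"DH group {p['dh']} (1024-bit modulus or smaller)")
        if p["auth"] == "pre" and mode == "aggressive":
            findings.append("preshared key with Aggressive mode")
    elif p["pfs"] == "nopfs":
        findings.append("no perfect forward secrecy")
    return findings


if __name__ == "__main__":
    # Values taken from the example in this article.
    print("pre-g2-des-sha", review_proposal("pre-g2-des-sha", mode="aggressive"))
    for name in ("nopfs-esp-des-md5", "nopfs-esp-3des-md5",
                 "nopfs-esp-des-sha", "nopfs-esp-3des-sha"):
        print(name, review_proposal(name))
```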
