Configuring the NetScreen-Remote Client Side VPN With XAuth
Knowledge Base ID: KB4184
Version: 6.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: NS-5GT, NS-5XP, NS-5XT, NS-25, NS-50, NS-204, NS-208, NS-5200, NS-5400, NAT/PAT

Synopsis:
Configuring the NetScreen-Remote Client Side VPN With XAuth

Solution:


To configure the NetScreen-Remote client side VPN with XAuth, perform the following steps:

Step one: From the Start menu, select Programs, select NetScreen-Remote, and then click Security Policy Editor.

Step two: From the Security Policy Editor dialog box, click the 'Add a new connection' icon.

Step three: Enter a name for your new connection.

Note: For this example, we used the default name New Connection.

Step four: From Remote Party Identity and Addressing, in the ID Type drop-down menu, click to select IP Subnet.

Step five: In the Subnet and Mask text boxes, enter a Subnet and Mask.

Note: For this example, we used 172.16.10.0 and 255.255.255.0.

Step six: Click to select Connect using, and then from the drop-down menu, click to select Secure Gateway Tunnel.

Step seven: From the ID Type drop-down menu, click to select IP Address, then enter the untrusted IP Address of the Firewall.

Note: For this example, we have entered 1.1.1.1 for the untrusted IP address of the Firewall.

Step eight: Click the + to expand New Connection.

Step nine: Click to select My Identity, and then from the Select Certificate drop-down menu, click to select None.

 

Step ten: From the ID Type drop-down menu, click to select E-mail Address.

Step eleven: Enter the email address corresponding to the ID. From the Virtual Adapter drop-down menu, click to select Preferred.

Note: For this example, we have used xauth@auth.com. This is the IKE user's simple identity and not their username. The value can be a username or an actual email address, but it must match the settings on the Juniper Firewall.

Step twelve: From the Pre-Shared Key dialog box, click Enter Key, and then enter the Pre-Shared Key.

Note: The Pre-Shared Key will need to match the one configured on the Firewall device for this connection.

Step thirteen: Click OK.

Step fourteen: Click to select Security Policy, and then click to select Aggressive Mode.

Step fifteen: Click the + to expand Security Policy.

Step sixteen: Click the + to expand Authentication (Phase 1).

Step seventeen: Click to select Proposal 1.

Step eighteen: From the Authentication Method drop-down menu, click to choose Pre-Shared Key; Extended Authentication.

From the Encrypt Alg drop-down menu, click to choose an encryption type. From the Hash Alg drop-down menu, click to choose an authentication type.

Note: For this example, we have used DES for Encrypt Alg and MD5 for Hash Alg.

Step nineteen: From the Key Group drop-down menu, click to select Diffie-Hellman Group 1.

Step twenty: Click the + to expand Key Exchange (Phase 2).

Step twenty-one: Click to select Proposal 1.

Step twenty-two: From the Encrypt Alg drop-down menu, click to choose an encryption type. From the Hash Alg drop-down menu, click to choose an authentication type.

Note: For this example, we have used DES for Encrypt Alg and MD5 for Hash Alg.

Step twenty-three: In the Encapsulation drop-down menu, click to select Tunnel.

Step twenty-four: From the Security Policy Editor dialog box, click File, and then click Save Changes.
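
The notes above require the identity and Pre-Shared Key to match the firewall; the Phase 1 and Phase 2 proposals must agree as well. As an added example (not part of the original article and not Juniper tooling), this Python check compares the client values from this walkthrough with a constructed gateway profile, reports which phase would fail first, and lists the deprecated algorithms (DES, MD5, Diffie-Hellman Group 1) in use. The dictionary layout, field names and GATEWAY values are assumptions.

```python
import ipaddress

# Client values are the ones used in this article's walkthrough.
CLIENT = {
    "phase1": {"mode": "aggressive", "auth": "psk+xauth", "encrypt": "DES",
               "hash": "MD5", "dh_group": 1, "ike_id": "xauth@auth.com"},
    "phase2": {"encrypt": "DES", "hash": "MD5", "encapsulation": "tunnel",
               "remote_subnet": "172.16.10.0/255.255.255.0"},
}
# Constructed gateway-side values (assumption), with two deliberate differences.
GATEWAY = {
    "phase1": {"mode": "aggressive", "auth": "psk+xauth", "encrypt": "des",
               "hash": "sha1", "dh_group": 1, "ike_id": "xauth@auth.com"},
    "phase2": {"encrypt": "3des", "hash": "md5", "encapsulation": "tunnel",
               "remote_subnet": "172.16.10.0/24"},
}
# Algorithms from the walkthrough that are long deprecated for new deployments.
LEGACY = {"encrypt": {"des"}, "hash": {"md5"}, "dh_group": {1}}

def normalise(field, value):
    """Make equivalent spellings compare equal (letter case, mask notation)."""
    if value is None:
        return None
    if field == "remote_subnet":
        return ipaddress.ip_network(value)
    return value.lower() if isinstance(value, str) else value

def mismatches(client, gateway):
    """Return (phase, field, client_value, gateway_value) for each difference."""
    found = []
    for phase in ("phase1", "phase2"):
        for field, c_val in client[phase].items():
            g_val = gateway[phase].get(field)
            if normalise(field, c_val) != normalise(field, g_val):
                found.append((phase, field, c_val, g_val))
    return found

def first_failing_phase(client, gateway):
    """Phase 1 is negotiated first, so a Phase 1 difference hides Phase 2 ones."""
    phases = [m[0] for m in mismatches(client, gateway)]
    return min(phases) if phases else None

def legacy_settings(profile):
    """List (phase, field, value) entries that use a deprecated algorithm."""
    return [(phase, field, value)
            for phase, settings in profile.items()
            for field, value in settings.items()
            if normalise(field, value) in LEGACY.get(field, ())]
```

The subnet written with a dotted mask and the same subnet written as /24 compare equal, so only the hash and encryption differences are reported.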

Purpose:
Troubleshooting