Configuring a Policy-Based LAN-to-LAN VPN When Both Sides Have Static IPs Using Pre-shared Keys
| Knowledge Base ID: | KB4757 |
| Version: | 5.0 |
| Published: | 07 Oct 2008 |
| Updated: | 07 Oct 2008 |
| Categories: |
 Firewall/IPSec_VPN IPSec ScreenOS |
Policy-based VPN - Both Sides have Static IPs using Pre-shared Keys
Solution:Below are the settings and proposals that we will use to configure the VPN:
Juniper Firewall Site A
- Untrust IP of device 1.1.1.1
- Trust Network 192.168.1.0/24
- Phase 1 Proposal pre-g2-des-sha
- Phase 2 Proposal nopfs-esp-des-sha
Juniper Firewall Site B
- Untrust IP of device 2.2.2.1
- Trust Network 10.1.1.0/24
- Phase 1 Proposal pre-g2-des-sha
- Phase 2 Proposal nopfs-esp-des-sha
To configure a policy-based LAN-to-LAN VPN when both sides have static IPs using pre-shared keys, perform the following steps:
Configure a gateway for the local site. For more information on configuring a gateway for the local site, go to Configuring an IPSec Security Gateway for the Local Site.
Configure a phase 2 proposal for the local site. For more information on configuring a phase 2 proposal for the local site, go to Configuring a Phase 2 Proposal for the Local Site.
Configure a policy for the local site. For more information on configuring a policy for the local site, go to Configuring a Policy for the Local Site.
Configure a gateway for the remote site (opposite end of the tunnel from the local site). For more information on configuring a gateway for the remote site, go to Configuring a Gateway for the Remote Site.
Configure a phase 2 proposal for the remote site. For more information on configuring a phase 2 proposal for the remote site, go to Configuring a Phase 2 Proposal for the Remote Site.
Configure a policy for the remote site. For more information on configuring a policy for the remote site, go to Configuring a Policy for the Remote Site.
Troubleshooting
