Configuring a Juniper Firewall LAN to LAN VPN with XAuth
| Knowledge Base ID: | KB4185 |
| Version: | 5.0 |
| Published: | 07 Oct 2008 |
| Updated: | 07 Oct 2008 |
| Categories: | Firewall/IPSec_VPN ScreenOS |
Solution: Building a VPN using a Juniper Firewall as an XAuth client requires you to create an XAuth user account on the remote gateway, or to have the remote gateway look up a RADIUS server, so that the XAuth user can be authenticated during phase 1 IKE negotiation. In this example, we will create an XAuth user account on Juniper Firewall B.

| Site | A | B |
| Untrust IP of Firewall | 1.1.1.1 | Dynamic IP |
| Trust Network | 192.168.20.0/24 | 192.168.10.0/24 |
| Local ID | N/A | ns5xt.netscreen.com |
| Peer ID | ns5xt.netscreen.com | |
| Pre-shared Key | support | support |
| Phase 1 | pre-g2-3des-sha | pre-g2-3des-sha |
| Phase 2 | g2-esp-3des-sha | g2-esp-3des-sha |
To configure the Juniper Firewall LAN to LAN VPN with XAuth, perform the following steps:
Troubleshooting