Configuring a Route Based LAN to LAN VPN When Both Sides Have Static IPs Using Pre-shared Keys
| Knowledge Base ID: | KB4766 |
| Version: | 4.0 |
| Published: | 07 Oct 2008 |
| Updated: | 07 Oct 2008 |
| Categories: |
 Firewall/IPSec_VPN IPSec ScreenOS |
Route Based VPN - Both Sides have Static IPs using Pre-shared Keys (SSG/ISG/NS)
Solution:This example assumes that the pre-shared secret used is netscreen.
Below shows the settings and proposals that we will use:
NetScreen Site A
- Untrust IP of device 1.1.1.1
- Trust Network 10.1.1.0/24
- Phase 1 Proposal pre-g2-3des-sha
- Phase 2 Proposal g2-esp-3des-sha
NetScreen Site B
- Untrust IP of device 2.2.2.1
- Trust Network 172.16.10.0/24
- Phase 1 Proposal pre-g2-3des-sha
- Phase 2 Proposal g2-esp-3des-sha
To configure your Juniper Firewall for a route based LAN to LAN VPN when both sides have static IPs using pre-shared keys, perform the following steps:
Configure Juniper Firewall Site A. For more information, go to Configuring Your Juniper Firewall Site A for a Route Based LAN to LAN VPN When Both Sides Have Static IPs Using Pre-shared Keys.
Configure Juniper Firewall Site B. For more information, go to Configuring Your Juniper Firewall Site B for a Route Based LAN to LAN VPN When Both Sides Have Static IPs Using Pre-shared Keys. Troubleshooting
