Knowledge Search


×
 

[Archive] Configure NetScreen-Remote VPN Client with pre-shared Keys

  [KB22075] Show Article Properties


Summary:

This article provides information on how to configure a NetScreen-Remote (Dial-Up VPN) Client with pre-shared Keys

For VPN setup on the firewall, refer to:

KB14878 - Configure ScreenOS Firewall for use with a VPN Client using Pre-shared Keys (ScreenOS 6.0 and later)

KB6233 - Configure NetScreen-Remote VPN Client with Pre-shared Keys (ScreenOS 5.x)

Symptoms:

Environment:

  • Dial Up VPN

  • NetScreen-Remote

  • Remote User

  • Need to get into the network from home

Cause:

Solution:
Launch the NetScreen-Remote Security Policy Editor.
  1. Create a new policy by clicking the New Connection icon located at the upper left corner. We'll call this new connection - Corporate.

  2. On Remote Party Identity and Addressing:

    1. ID Type: IP Subnet.

    2. Subnet: 172.16.10.0.

    3. Netmask: 255.255.255.0.

    4. Click Connect using Secure Gateway Tunnel.

    5. ID Type: IP Address: 1.1.1.1

  3. Expand the Corporate connection:

    1. Click Security Policy:

      1. Select Phase 1 Negotiation Mode: Aggressive

      2. Select Enable Perfect Forward Secrecy (PFS)

      3. PFS Key Group: Diffie-Hellman Group 2

      4. De-select "Enable Replay Detection"

    2. Click My Identity:

      1. Select Certificate: None

      2. ID Type: Email address: user1@netscreen.com

      3. Click Pre-Shared Key

              Click Enter Key

        • Enter the Pre-shared key netscreen.

        • Click Ok.

    3. Expand Security Policy:

      1. Expand Authentication (Phase 1)

        Select Proposal 1

        • Encryption Alg: Triple DES

        • Hash Alg: MD5

        • SA Life: Unspecified

        • Key Group: Diffie-Hellman Group 2

      2. Expand Key Exchange (Phase 2)

        Select Proposal 1

        • Encrypt Alg. Triple DES

        • Hash Alg. MD5

        • Encapsulation: Tunnel

  4. Click Save.

Send traffic through the VPN tunnel to initiate the IKE negotiation and the VPN tunnel will be built.

For more information, refer to KB6464 - How do I install NetScreen Remote?

Related Links: