[Archive] [ScreenOS] Configuring an L2TP Over IPSec Tunnel with NetScreen-Remote

Article ID: KB4094 KB Last Updated: 14 Dec 2017 Version: 12.0
Summary:
Step-by-step guide for configuring an L2TP over IPSec tunnel with NetScreen-Remote.
Symptoms:
Note that if you are using the Windows 2000/XP native VPN client, you must use PKI certificates. Refer to the application note at KB10939 - Configuring a Dial-up VPN Using Windows XP Client with L2TP Over IPSec (without NetScreen-Remote).
Solution:
Note: This article applies to ScreenOS 5.0 and above.

The purpose of Layer 2 Tunneling Protocol (L2TP) is simply to permit the administrator of the local Juniper Firewall device to assign IP addresses to remote dial-up users. These addresses can then be referenced in policies. Although a dial-up user can be authenticated using Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP), an L2TP tunnel is not encrypted and is therefore not a secure method for encapsulating data. To protect the data, you need to apply an encryption scheme to the L2TP tunnel. This combination is called L2TP-over-IPSec. You can create an L2TP-over-IPSec tunnel between a Juniper Firewall/VPN gateway and a host PC running NetScreen-Remote on Windows 2000, XP or Vista operating systems.

To configure an L2TP over IPSec tunnel, perform the following steps:

Step one: Configure an L2TP over IPSec user on the Juniper Firewall. For more information on configuring an L2TP over IPSec user, go to KB4112 - Configuring an L2TP over IPSec User on the Juniper Firewall.

Step two: Configure an L2TP user group on the Juniper Firewall. For more information on configuring an L2TP user group, go to KB4108 - Configuring an L2TP User Group on the Juniper Firewall.

Step three: Configure an L2TP group gateway on the Juniper Firewall. For more information on configuring an L2TP group gateway, go to KB4181 - Configuring an L2TP Group Gateway and VPN on the Juniper Firewall.

Step four: Configure an L2TP IP pool on the Juniper Firewall. For more information on configuring an L2TP IP pool, go to KB4109 - Configuring an L2TP IP Pool on the Juniper Firewall.

Step five: Configure the L2TP VPN default settings on the Juniper Firewall. For more information on configuring the L2TP VPN default settings, go to KB4110 - Configuring the L2TP VPN Default Settings on the Juniper Firewall.

Step six: Configure an L2TP VPN tunnel on the Juniper Firewall. For more information on configuring the L2TP VPN tunnel, go to KB4107 - Configuring the L2TP VPN Tunnel on the Juniper Firewall.

Step seven: Configure an L2TP VPN policy on the Juniper Firewall. For more information on configuring the L2TP VPN policy, go to KB4111 - Configuring an L2TP VPN Policy on the Juniper Firewall.

Step eight: Configure an L2TP connection on the remote side. For more information on configuring an L2TP connection on the remote side, go to KB4095 - Configuring an L2TP Connection on the Remote Side.

Step nine: Make an L2TP connection from Windows 2000/XP. For more information on making an L2TP connection from Windows 2000/XP, go to KB4096 - Making an L2TP Connection from Windows 2000/XP.
Modification History:
2017-12-07: Archived. NS Remote is EOS.
