This article applies to ScreenOS 5.0 and above and NetScreen-Remote 7.x and higher.
To configure an L2TP connection on the NetScreen-Remote side, perform the following steps:

From the
Start menu, click
Programs, click
NetScreen-Remote, and then click to select
Security Policy Editor.

With newer versions of NetScreen-Remote, the start menu may be
Juniper Networks > NetScreen-Remote.


From the
Security Policy Editor, click the
Add a new connection icon.


Enter a name for your new connection.

For this example, we used the default name
New Connection.


From
Remote Party Identity and Addressing, in the
ID Type drop-down menu, click to select
IP Address.


Enter the Untrust Interface IP Address of the Juniper Firewall you are trying to reach.

For this example, we used
1.1.1.1 as the Untrust interface IP address.


From the
Protocol drop-down menu, click to select
UDP. From the
Port drop-down menu, click to select
L2TP.


Click the
+ to expand
New Connection.


Click
My Identity, and then from the
Select Certificate drop-down menu, click to select
None.


Click
Pre-Shared Key.


Click
Enter Key, and then enter the
Pre-Shared Key.

The
Pre-Shared Key will need to match the one configured on the Firewall device for this connection.


Click
OK.

Click
Security Policy, and then click to select
Aggressive Mode.


Click
My Identity.


From the
ID Type drop-down menu, click to select
E-mail Address.


Enter the email address corresponding to the ID.

For this example, we have used
jdoe@netscreen.com. This is the IKE user's simple identity and not their username. The
E-mail Address can be a username or an actual email address. However, this needs to match the settings on the Juniper Firewall.

Click the
+ to expand
Security Policy.


Click the
+ to expand
Authentication (Phase 1).


Click to select
Proposal 1.

From the
Encrypt Alg drop-down menu, click to select encryption type. From the
Hash Alg drop-down menu, click to select authentication type.

For this example, we have used
DES for
Encrypt Alg and
SHA-1 for
Hash Alg.


From the
Key Group drop-down menu,
click to select Diffie-Hellman Group 2. 
Click the
+ to expand
Key Exchange (Phase 2).


Click
Proposal 1.

From
the Encrypt Alg drop-down menu, click to select encryption type. From the
Hash Alg drop-down menu, click to select authentication type.

For this example, we have used
DES for
Encrypt Alg and
SHA-1 for
Hash Alg.


In the
Encapsulation drop-down menu, click to select
Transport.

From the
Security Policy Editor dialog box, click
File, and then click
Save.


You will now need to make a connection. For more information on making a connection, go to
Making an L2TP Connection from Windows 2000/XP.