Knowledge Base
Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articlesConfiguring an L2TP Connection on the Remote Side
Symptoms:
Solution:
This article applies to ScreenOS 5.0 and above and NetScreen-Remote 7.x and higher.
To configure an L2TP connection on the NetScreen-Remote side, perform the following steps:
From the Start menu, click Programs, click NetScreen-Remote, and then click to select Security Policy Editor. With newer versions of NetScreen-Remote, the start menu may be Juniper Networks > NetScreen-Remote. 
From the Security Policy Editor, click the Add a new connection icon. 
Enter a name for your new connection. For this example, we used the default name New Connection. 
From Remote Party Identity and Addressing, in the ID Type drop-down menu, click to select IP Address. 
Enter the Untrust Interface IP Address of the Juniper Firewall you are trying to reach. For this example, we used 1.1.1.1 as the Untrust interface IP address. 
From the Protocol drop-down menu, click to select UDP. From the Port drop-down menu, click to select L2TP. 
Click the + to expand New Connection. 
Click My Identity, and then from the Select Certificate drop-down menu, click to select None. 
Click Pre-Shared Key. 
Click Enter Key, and then enter the Pre-Shared Key. The Pre-Shared Key will need to match the one configured on the Firewall device for this connection. 
Click OK.
Click Security Policy, and then click to select Aggressive Mode. 
Click My Identity. 
From the ID Type drop-down menu, click to select E-mail Address. 
Enter the email address corresponding to the ID. For this example, we have used jdoe@netscreen.com. This is the IKE user's simple identity and not their username. The E-mail Address can be a username or an actual email address. However, this needs to match the settings on the Juniper Firewall.
Click the + to expand Security Policy. 
Click the + to expand Authentication (Phase 1). 
Click to select Proposal 1.
From the Encrypt Alg drop-down menu, click to select encryption type. From the Hash Alg drop-down menu, click to select authentication type. For this example, we have used DES for Encrypt Alg and SHA-1 for Hash Alg. 
From the Key Group drop-down menu, click to select Diffie-Hellman Group 2.
Click the + to expand Key Exchange (Phase 2). 
Click Proposal 1.
From the Encrypt Alg drop-down menu, click to select encryption type. From the Hash Alg drop-down menu, click to select authentication type. For this example, we have used DES for Encrypt Alg and SHA-1 for Hash Alg. 
In the Encapsulation drop-down menu, click to select Transport.
From the Security Policy Editor dialog box, click File, and then click Save. 
You will now need to make a connection. For more information on making a connection, go to Making an L2TP Connection from Windows 2000/XP.
Related Links
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search