Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Configuring an L2TP Connection on the Remote Side

0

0

Article ID: KB4095 KB Last Updated: 22 Jul 2010Version: 7.0
Summary:
Configuring an L2TP Connection on the Remote Side
Symptoms:

Solution:

Note: This article applies to ScreenOS 5.0 and above and NetScreen-Remote 7.x and higher.


To configure an L2TP connection on the NetScreen-Remote side, perform the following steps:
Step one: From the Start menu, click Programs, click NetScreen-Remote, and then click to select Security Policy Editor.

Note: With newer versions of NetScreen-Remote, the start menu may be Juniper Networks > NetScreen-Remote.

Image of step one

Step two: From the Security Policy Editor, click the Add a new connection icon.

Image of step two

Step three: Enter a name for your new connection.

Note: For this example, we used the default name New Connection.

Image of step three

Step four: From Remote Party Identity and Addressing, in the ID Type drop-down menu, click to select IP Address.

Image of step four

Step five: Enter the Untrust Interface IP Address of the Juniper Firewall you are trying to reach.

Note: For this example, we used 1.1.1.1 as the Untrust interface IP address.

Image of step five

Step six: From the Protocol drop-down menu, click to select UDP. From the Port drop-down menu, click to select L2TP.

Image of step six

Step seven: Click the + to expand New Connection.

Image of step seven

Step eight: Click My Identity, and then from the Select Certificate drop-down menu, click to select None.

Image of step eight

Step nine: Click Pre-Shared Key.

Image of step nine

Step ten: Click Enter Key, and then enter the Pre-Shared Key.

Note: The Pre-Shared Key will need to match the one configured on the Firewall device for this connection.

Image of step ten and eleven

Step eleven: Click OK.

Step twelve: Click Security Policy, and then click to select Aggressive Mode.

Image of step twelve

Step thirteen: Click My Identity.

Image of step thirteen

Step fourteen: From the ID Type drop-down menu, click to select E-mail Address.

Image of step fourteen and fifteen

Step fifteen: Enter the email address corresponding to the ID.

Note: For this example, we have used jdoe@netscreen.com. This is the IKE user's simple identity and not their username. The E-mail Address can be a username or an actual email address. However, this needs to match the settings on the Juniper Firewall.

Step sixteen: Click the + to expand Security Policy.

Image of step sixteen

Step seventeen: Click the + to expand Authentication (Phase 1).

Image of step seventeen and eighteen

Step eighteen: Click to select Proposal 1.

Step nineteen: From the Encrypt Alg drop-down menu, click to select encryption type. From the Hash Alg drop-down menu, click to select authentication type.

Note: For this example, we have used DES for Encrypt Alg and SHA-1 for Hash Alg.

Image of step nineteen and twenty

Step twenty: From the Key Group drop-down menu, click to select Diffie-Hellman Group 2.

Step twenty-one: Click the + to expand Key Exchange (Phase 2).

Image of step twenty-one and twenty-two

Step twenty-two: Click Proposal 1.

Step twenty-three: From the Encrypt Alg drop-down menu, click to select encryption type. From the Hash Alg drop-down menu, click to select authentication type.

Note: For this example, we have used DES for Encrypt Alg and SHA-1 for Hash Alg.

Image of step twenty-three and twenty-four

Step twenty-four: In the Encapsulation drop-down menu, click to select Transport.

Step twenty-five: From the Security Policy Editor dialog box, click File, and then click Save.

Image of step twenty-five

Warning: You will now need to make a connection. For more information on making a connection, go to Making an L2TP Connection from Windows 2000/XP.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search