Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to configure a Phase 2 for VPN

0

0

Article ID: KB4132 KB Last Updated: 07 Oct 2016Version: 6.0
Summary:

This article explains how to configure a Phase 2 for VPN.

Solution:

To configure a phase 2 for the remote site, perform the following steps:

  1. Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI
  2. From the Juniper firewall menu, click VPNs, and then click AutoKey IKE.

    Image of step two
  3. From the AutoKey IKE page, click New.

    Image of step three
  4. In the VPN Name text box, enter a VPN name.

    For this example, we entered vpntunnel2.

    Image of step four and five
  5. From Security Level, click to select Custom.
  6. From Remote Gateway, in the Predefined drop-down menu, click to select your predefined gateway. For more information about configuring predefined gateways, go to Configuring Phase 1 Proposals.

    For this example, we selected vpngateway2.

    Image of step six
  7. Click Advanced.

    Image of step seven

  8. From the Phase 2 Proposal drop-down menu, click to choose a Phase 2 Proposal.

    Your Juniper firewall supports up to four proposals for Phase 2 negotiations, allowing you to define how restrictive a range of security parameters for key negotiation you will accept.

    For this example, we chose one proposal, and selected nopfs-esp-des-sha.

    Image of step eight
  9. Click Return.

    Image of step nine

  10. Click OK.

    Image of step ten


    To configure phase-2 proposals using CLI (ssh/console/telnet), the command is:

    set vpn <vpn-name> gateway <gateway name> proposal <proposalset name1> <proposalset name2> <proposalset name3>

    Example
    set vpn "vpntunnel2" gateway "vpngateway2" proposal "nopfs-esp-3des-sha"
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search