Configuring the NetScreen Side of My NetScreen to Cisco PIX IPSec VPN

Article ID: KB4148 KB Last Updated: 04 Jun 2010 Version: 5.0
Summary:

Configuring the NetScreen Side of My NetScreen to Cisco PIX IPSec VPN

Symptoms:


 

Solution:

Note: This article applies to ScreenOS 4.0 and higher.

Note: In this example, we are using ScreenOS 4.0 on the NetScreen, and software version 6.1.(1) on the Cisco PIX.

To configure the NetScreen side of your NetScreen to Cisco PIX IPSec VPN, perform the following steps:

Note: In this example, we will use a Route-Based VPN on our NetScreen.

Step one: Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen Using the WebUI.

Step two: From the NetScreen options menu, click Network, and then click Interfaces.


Step three: Click New.


Step four: From the Tunnel Interface Name text box, enter a tunnel name.

Note: For this example, we have entered 1.


Step five: From the Zone drop-down menu, select a Zone.

Note: For this example, we have selected Untrust (trust-vr).

Step six: Click to select Unnumbered. From the Interface drop-down menu, select an Interface.

Note: For this example, we have selected ethernet (trust-vr).


Step seven: Click OK.

Step eight: From the NetScreen options menu, click VPNs, select AutoKey Advanced, and then click Gateway.


Step nine: Click New.


Step ten: In the Gateway Name text box, enter a Gateway Name.

Note: For this example, we have entered Site B GW.


Step eleven: From Security Level, click to select Custom.

Step twelve: From Remote Gateway Type, click to select Static IP Address, and enter an IP Address/Hostname.

Note: For this example, we have entered 2.2.2.1.


Step thirteen: In the Preshared Key text box, enter a Preshared Key.

Note: For this example, we have entered netscreen.


Step fourteen: From the Outgoing Interface drop-down menu, click to choose an Outgoing Interface. Click Advanced.

Note: For this example, we have selected Untrust.

Step fifteen: From the Phase 1 Proposal drop-down menu, click to choose a Phase 1 Proposal.

Note: For this example, we have selected pre-g2-3des-sha.


Step sixteen: Click to select Mode (Initiator). Click Return.

Step seventeen: Click OK.


Step eighteen: From the NetScreen options menu, click VPNs, and then click AutoKey IKE.


Step nineteen: Click New.


Step twenty: In the VPN Name text box, enter a VPN Name. From Security Level, click to select Custom.

Note: For this example, we have entered Site B VPN.


Step twenty-one: From Remote Gateway, click to select Predefined. From the Remote Gateway drop-down menu, click to select Site B GW.

Step twenty-two: Click Advanced.


Step twenty-three: From the Phase 2 Proposal drop-down menu, select a Phase 2 Proposal.

Note: For this example, we have selected g2-esp-3des-sha.


Step twenty-four: From Bind to, click to select Tunnel Interface. From the Tunnel Interface drop-down menu, click to select tunnel.1.

Step twenty-five: Click to select Proxy-ID. In the Local IP/Netmask text box, enter a Local IP/Netmask, and then in the Remote IP/Netmask text box, enter a Remote IP/Netmask.

Note: For this example, we have entered 10.1.1.0/24 for our Local IP/Netmask and 172.16.10.0/24 for the Remote IP/Netmask.


Step twenty-six: From the Service drop-down menu, click to select ANY. Click Return.

Step twenty-seven: Click OK.


Step twenty-eight: From the NetScreen options menu, click Policies.


Step twenty-nine: In the From drop-down menu, click to select Trust. In the To drop-down menu, click to select Untrust.


Step thirty: Click New.

Step thirty-one: From Source Address, click to select New Address, and enter a New Address.

Note: For this example, we have entered 10.1.1.0/24.


Step thirty-two: From Destination Address, click to select New Address, and enter a New Address.

Note: For this example, we have entered 172.16.10.0/24.

Step thirty-three: In the Service drop-down menu, click to select ANY. From the Action drop-down menu, click to select Permit.


Step thirty-four: Click to select Position at Top.


Step thirty-five: Click OK.


Step thirty-six: In the From drop-down menu, click to select Untrust. In the To drop-down menu, click to select Trust.


Step thirty-seven: Click New.

Step thirty-eight: From Source Address, click to select New Address, and enter a New Address.

Note: For this example, we have entered 172.16.10.0/24.


Step thirty-nine: From Destination Address, click to select New Address, and enter a New Address.

Note: For this example, we have entered 10.1.1.0/24.

Step forty: In the Service drop-down menu, click to select ANY. From the Action drop-down menu, click to select Permit.


Step forty-one: Click to select Position at Top.


Step forty-two: Click OK.


Step forty-three: From the NetScreen options menu, click Network, select Routing, and then click Routing Table.


Step forty-four: Click New.


Step forty-five: From Virtual Router Name, in the Network Address/Netmask text boxes, enter a Network Address/Netmask.

Note: For this example, we have entered 172.16.10.0/255.255.255.0.


Step forty-six: Click to select Gateway. From the Interface drop-down menu, click to select tunnel.1.

Step forty-seven: Click OK.
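
The tunnel binding, Proxy-ID, policies and route entered in the steps above have to agree with one another: the route for the Proxy-ID remote network must leave through the tunnel interface the VPN is bound to, and a permit policy must exist in each direction. The following is an added example, not part of the Juniper article, that audits ScreenOS `set` lines for that agreement. The sample configuration is constructed from this article's example values as an assumed CLI rendering of the WebUI entries, the function names `parse` and `audit` are hypothetical, and the Trust/Untrust zone pair is taken from this article's example.

```python
import shlex

# Constructed sample: ScreenOS "set" lines written from this article's example
# values (assumed CLI rendering of the WebUI steps, not taken from the article).
SAMPLE = """
set vpn "Site B VPN" bind interface tunnel.1
set vpn "Site B VPN" proxy-id local-ip 10.1.1.0/24 remote-ip 172.16.10.0/24 "ANY"
set policy top from "Trust" to "Untrust" "10.1.1.0/24" "172.16.10.0/24" "ANY" permit
set policy top from "Untrust" to "Trust" "172.16.10.0/24" "10.1.1.0/24" "ANY" permit
set vrouter trust-vr route 172.16.10.0/24 interface tunnel.1
"""

def parse(config):
    """Collect VPN bindings and proxy-IDs, static routes and permit policies."""
    vpns, routes, policies = {}, {}, set()
    for line in config.splitlines():
        t = shlex.split(line)
        if t[:2] == ["set", "vpn"] and t[3:5] == ["bind", "interface"]:
            vpns.setdefault(t[2], {})["tunnel"] = t[5]
        elif t[:2] == ["set", "vpn"] and t[3:4] == ["proxy-id"]:
            vpns.setdefault(t[2], {}).update(local=t[5], remote=t[7])
        elif t[:2] == ["set", "vrouter"] and t[3:4] == ["route"]:
            routes[t[4]] = t[6]  # destination prefix -> egress interface
        elif t[:2] == ["set", "policy"] and "from" in t and t[-1] == "permit":
            i = t.index("from")  # skips an optional "top" or "id N"
            policies.add((t[i + 1].lower(), t[i + 3].lower(), t[i + 4], t[i + 5]))
    return vpns, routes, policies

def audit(config):
    """Return a list of findings; an empty list means the pieces agree."""
    vpns, routes, policies = parse(config)
    findings = []
    for name, v in vpns.items():
        tun, loc, rem = v.get("tunnel"), v.get("local"), v.get("remote")
        if tun is None or rem is None:
            findings.append(f"{name}: needs both a tunnel binding and a proxy-ID")
            continue
        if routes.get(rem) != tun:  # exact-prefix match only
            findings.append(f"{name}: no route for {rem} via {tun}")
        if ("trust", "untrust", loc, rem) not in policies:
            findings.append(f"{name}: no outbound permit {loc} -> {rem}")
        if ("untrust", "trust", rem, loc) not in policies:
            findings.append(f"{name}: no inbound permit {rem} -> {loc}")
    return findings
```

Calling `audit(SAMPLE)` returns an empty list; removing the route line or changing one policy address produces a finding that names the VPN and the mismatched value.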


Warning: Juniper Networks is not responsible for anything regarding these articles, nor is there any guarantee that they are accurate.

Cisco PIX is a trademark of Cisco Systems, Inc


 
