Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Configuring the NetScreen-Remote Client for a Multiple Dial Up VPN

0

0

Article ID: KB4159 KB Last Updated: 01 Jun 2010Version: 6.0
Summary:
Configuring the NetScreen-Remote Client for a Multiple Dial Up VPN
Symptoms:

Solution:
Note: This article applies to NetScreen-Remote VPN Client 8.0 and above.

To configure the NetScreen-Remote client for a Multiple Dial UP VPN, perform the following steps:

Step one: From the Start menu, click Programs, click NetScreen-Remote, and then click Security Policy Editor.

Image of step one


Step two: From the Security Policy Editor dialog box, click the Add a new connection icon.

Image of step two


Step three: Enter a New Connection name.

Note: For this example, we named the new connection corporate.

Image of step three


Step four: From Remote Party Identity and Addressing, in the ID Type drop-down menu, click IP Subnet.

Image of step four


Step five: Enter the destination Subnet and Mask.

Note: For this example, we entered a Subnet of 172.16.10.0 with a Mask of 255.255.255.0.

Image of step five


Step six: Click Connect using, and then in the Connect using drop-down menu, select Secure Gateway Tunnel.

Image of step six and seven

Step seven: From the ID Type drop-down menu, select IP Address, and then enter the remote gateway IP address.

Note: For this example, we entered 1.1.1.1.

Step eight: Click to expand the corporate connection.

Image of step eight

Step nine: Click Security Policy, and then click to select Aggressive Mode.

Image of step nine

Step ten: Click to clear Enable Perfect Forward Secrecy (PFS), and then click to clear Enable Replay Detection.

Image of step ten


Step eleven: Click to select My Identity.

Image of step eleven


Step twelve: From My Identity, in the Select Certificate drop-down menu, click to select None.

Image of step twelve


Step thirteen: From the ID Type drop-down menu, click to select E-mail Address, and then enter your IKE Identity.

Note: For this example, we entered sales@ns.com.

Image of step thirteen and fourteen


Step fourteen: From the Virtual Adapter drop-down menu, click to select Preferred.

Step fifteen: Click Pre-Shared Key.

Image of step fifteen

Step sixteen: From the Pre-Shared Key dialog box, click Enter Key, and then enter your Pre-Shared key.

Note: For this example, we have entered sharedikeid.

Image of step sixteen and seventeen


Step seventeen: Click OK.

Step eighteen: Click to expand Security Policy, expand Authentication (Phase 1), and then click Proposal 1.

Image of step eighteen


Step nineteen: From the Authentication Method drop down menu, click to select Pre-Shared Key; Extended Authentication.

Image of step nineteen and twenty


Step twenty: From Encryption and Data Integrity Algorithms, click to select your Encrypt Alg, Hash Alg, SA Life and Key Group.

Note: For this example, we chose the default values of Triple DES, SHA-1, Unspecified, and Diffie-Hellman Group 2.

Step twenty-one: Click to expand Key Exchange (Phase 2), and click Proposal 1.

Image of step twenty-one

Step twenty-two: From Encapsulation Protocol (ESP), select your Encrypt Alg, Hash Alg, and Encapsulation.

Note: For this example, we chose the the default values of Triple DES, SHA-1 and Tunnel.

Image of step twenty-two


Step twenty-three: Click File, and then click Save.

Image of step twenty-three


Step twenty-four: From the NetScreen-Remote client, enter your Username and Password.

Note: For this example, we have entered Joe and netscreen.

Image of step twenty-four and twenty-five


Step twenty-five: Click OK.

Note: After the NetScreen-Remote client has been configured, you can make the IKE VPN negotiate by sending traffic through the VPN. In this example, we have sent a ping to 172.16.10.10 (a server IP Address on the Trust side of the NetScreen) from the client. After 3 or 4 pings, the VPN should be established.

Image of note


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search