Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] Configuring the NetScreen-Remote Client Side VPN With XAuth

0

0

Article ID: KB4184 KB Last Updated: 02 Aug 2017Version: 10.0
Summary:
Configuring the NetScreen-Remote Client Side VPN With XAuth
Solution:

NOTE: This article applies to connecting to a firewall running ScreenOS 5.x, and corresponds with KB4182 - Configuring the NetScreen-Remote Client to a Juniper Firewall Device VPN With XAuth.

For ScreenOS 6.0 and above, refer to the following articles:
KB14883 - How To: Create Multiple Dial Up VPN using same IKE ID (policy-based VPN, more common)  or
KB15272 - How To: Create Route based Dial Up VPN using same IKE ID (route-based VPN)

 

To configure the NetScreen-Remote client side VPN with XAuth, perform the following steps:

Step one:   From the Start menu, select Programs, select NetScreen-Remote, and then click Security Policy Editor.

Image of step one

Step two:   From the Security Policy Editor dialog box, click the 'Add a new connection' icon.

Image of step two

Step three:   Enter a name for your new connection.

Note:  For this example, we used the default name New Connection.

Image of step three

Step four:   From Remote Party Identity and Addressing, in the ID Type drop-down menu, click to select IP Subnet.

Image of step four

Step five:   In the Subnet and Mask text boxes, enter a Subnet and Mask.

Note:  For this example, we used 172.16.10.0 and 255.255.255.0.

Image of step five

Step six:   Click to select Connect using, and then from the drop-down menu, click to select Secure Gateway Tunnel.

Image of step six and seven

Step seven:   From the ID Type drop-down menu, click to select IP Address, then enter the untrusted IP Address of the Firewall.

Note:  For this example, we have entered 1.1.1.1 for the untrusted IP address of the Firewall.

Step eight:   Click the + to expand New Connection.

Image of step eight

Step nine:   Click to select My Identity, and then from the Select Certificate drop-down menu, click to select None.

 

Image of step nine

Step ten:   From the ID Type drop-down menu, click to select E-mail Address.

Image of step ten and eleven

Step eleven:   Enter the email address corresponding to the ID. From the Virtual Adapter drop-down menu, click to select Preferred.

Note: For this example, we have used xauth@auth.com. This is the IKE user's simple identity and not their username. The email address can be a username or an actual email address; it does need to match the settings on the Juniper Firewall.

Step twelve:   From the Pre-Shared Key dialog box, click Enter Key, and then enter the Pre-Shared Key.

Note:  The Pre-Shared Key will need to match the one configured on the Firewall device for this connection.

Image of step twelve and thirteen

Step thirteen:   Click OK.

Step fourteen:   Click to select Security Policy, and then click to select Aggressive Mode.

Image of step fourteen

Step fifteen:   Click the + to expand Security Policy.

Image of step fifteen

Step sixteen:  Click the + to expand Authentication (Phase 1).

Image of step sixteen and seventeen

Step seventeen:   Click to select Proposal 1.

Step eighteen:  From the Authentication Method drop-down menu, click to choose Pre-Shared Key; Extended Authentication

From the Encrypt Alg drop-down menu, click to choose an encryption type. From the Hash Alg drop-down menu, click to choose an authentication type.

Note: For this example, we have used DES for Encrypt Alg and MD5 for Hash Alg.

Image of step eighteen and nineteen

Step nineteen:  From the Key Group drop-down menu, click to select Diffie-Hellman Group 1.

Step twenty:  Click the + to expand Key Exchange (Phase 2).

Image of step twenty and twenty-one

Step twenty-one:  Click to select Proposal 1.

Step twenty-two:  From the Encrypt Alg drop-down menu, click to choose encryption type. From the Hash Alg drop-down menu, click to choose authentication type.

Note:For this example, we have used DES for Encrypt Alg and MD5 for Hash Alg.

Image of step twenty-two and twenty-three

Step twenty-three:  In the Encapsulation drop-down menu, click to select Tunnel.

From the Security Policy Editor dialog box, click File, and then click Save Changes.

Image of step twenty-four

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search