[Archive] [ScreenOS] Configuring a Juniper Firewall LAN to LAN VPN with XAuth

[KB4185]


Summary:
Configuring a Juniper Firewall LAN to LAN VPN with XAuth
Symptoms:

Solution:

Building a VPN with a Juniper Firewall as the XAuth client requires either an XAuth user account on the remote gateway or a remote gateway that looks up a RADIUS server, so that the XAuth user can be authenticated during phase 1 IKE negotiation. In this example, we will create an XAuth user account on Juniper Firewall B.

Image of diagram

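| Site                   | A                   | B                   |
|------------------------|---------------------|---------------------|
| Untrust IP of Firewall | 1.1.1.1             | Dynamic IP          |
| Trust Network          | 192.168.20.0/24     | 192.168.10.0/24     |
| Local ID               | N/A                 | ns5xt.netscreen.com |
| Peer ID                | ns5xt.netscreen.com |                     |
| Pre-shared Key         | support             | support             |
| Phase 1                | pre-g2-3des-sha     | pre-g2-3des-sha     |
| Phase 2                | g2-esp-3des-sha     | g2-esp-3des-sha     |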

 

To configure the Juniper Firewall LAN to LAN VPN with XAuth, perform the following steps:

 

Step one: Configure Juniper Firewall side A with XAuth. For more information on configuring the Juniper Firewall side A with XAuth, go to Configuring Juniper Firewall Side A with XAuth.

Step two: Configure Juniper Firewall side B as an XAuth Client. For more information on configuring the Juniper Firewall side B with XAuth client, go to Configuring Juniper Firewall Side B as an XAuth Client.
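
The two steps above, sketched as ScreenOS CLI with the values from the parameter table. This is an added example, not the content of the linked Juniper articles. The gateway, VPN, user and address-book names, the `untrust` interface name, the `<xauth-password>` placeholder, and keeping the account in side A's local database are all assumptions. Lines starting with `#` are annotations, not commands.

```screenos
# ---- Side A: static untrust IP 1.1.1.1, authenticates the XAuth user ----
# Assumed: XAuth account held in the local database (the page also allows RADIUS).
set user "vpn-site-b" password "<xauth-password>"
set user "vpn-site-b" type xauth

set address "Trust" "lan-a" 192.168.20.0/24
set address "Untrust" "lan-b" 192.168.10.0/24

# Peer B has a dynamic IP, so it is identified by its peer ID in aggressive mode.
# "support" is the page's sample pre-shared key; use a long random key in production.
set ike gateway "gw-site-b" dynamic "ns5xt.netscreen.com" aggressive outgoing-interface "untrust" preshare "support" proposal "pre-g2-3des-sha"
set ike gateway "gw-site-b" xauth server "Local" user "vpn-site-b"

set vpn "vpn-site-b" gateway "gw-site-b" proposal "g2-esp-3des-sha"
set policy from "Trust" to "Untrust" "lan-a" "lan-b" "ANY" tunnel vpn "vpn-site-b"
set policy from "Untrust" to "Trust" "lan-b" "lan-a" "ANY" tunnel vpn "vpn-site-b"

# ---- Side B: dynamic untrust IP, acts as the XAuth client ----
set address "Trust" "lan-b" 192.168.10.0/24
set address "Untrust" "lan-a" 192.168.20.0/24

# The local ID must equal the peer ID configured on side A.
set ike gateway "gw-site-a" address 1.1.1.1 aggressive local-id "ns5xt.netscreen.com" outgoing-interface "untrust" preshare "support" proposal "pre-g2-3des-sha"
# Credentials B presents when A issues the XAuth challenge; they must match A's account.
set ike gateway "gw-site-a" xauth client any username "vpn-site-b" password "<xauth-password>"

set vpn "vpn-site-a" gateway "gw-site-a" proposal "g2-esp-3des-sha"
set policy from "Trust" to "Untrust" "lan-b" "lan-a" "ANY" tunnel vpn "vpn-site-a"
set policy from "Untrust" to "Trust" "lan-a" "lan-b" "ANY" tunnel vpn "vpn-site-a"
```

Because side B has no fixed address, only side B can initiate the tunnel; traffic from side A flows once B has brought it up.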