Configuring a Dial-Up VPN to Authenticate via WebAuth on Your Juniper Networks NetScreen Device

This article applies to ScreenOS 4.0 and higher.

To configure a dial-up VPN to authenticate via WebAuth on your Juniper Networks NetScreen device, perform the following steps:

Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen Using the WebUI.

From the NetScreen options menu, click Objects, select Users, and then click Local.

From the Local page, click New.

In the User Name text box, enter a user name.

Click to select Simple Identity.

In the IKE Identity text box, enter an IKE identity.

Click to select Authentication User, and in the User Password and Confirm Password text boxes, enter a password, and then confirm it.

Click OK.

From the NetScreen options menu, click VPNs, select AutoKey Advanced, and then click Gateway.

From the Gateway page, click New.

In the Gateway Name text box, enter a gateway name.

From Remote Gateway Type, click to select Dialup User, and in the User drop-down menu, click to select the IKE user name.

In the Preshared Key text box, enter a preshared key.

In the Outgoing Interface drop-down menu, click to select ethernet3.

Click Advanced.

From User Defined, click to select Custom.

In the Phase 1 Proposal drop-down menu, click to choose an encryption level.

From Mode (Initiator), click to select Aggressive.

Click Return.

Click OK.

From the NetScreen options menu, click VPNs, and then click AutoKey IKE.

From the AutoKey IKE page, click New.

In the VPN Name text box, enter a VPN name. From Security Level, click to select Custom.

From Remote Gateway, click to select Predefined, and then in the Predefined drop-down menu, click to select the remote gateway.

Click Advanced.

From Phase 2 Proposal, click to choose an encryption level.

Click Return.

Click OK.

From the NetScreen options menu, click Policies.

In the From drop-down menu, click to select Untrust, and in the To drop-down menu, click to select Trust.

Click New.

From Source Address, click to select Address Book, and then in the drop-down menu, click to select Dial-Up VPN.

From Destination Address, click to select New Address, and then in the text box, enter the WebAuth IP address.

In the Service drop-down menu, click to select HTTP, and in the Action drop-down menu, click to select Tunnel.

In the Tunnel VPN drop-down menu, click to select the dial-up VPN.

Click OK.

Configure the NetScreen-Remote client. For more information, go to Configuring a Dial-Up VPN to Authenticate via WebAuth on Your Juniper Networks NetScreen-Remote Client.