Configuring a Dial-Up VPN to Authenticate via WebAuth on Your Juniper Networks NetScreen Device
This article applies to ScreenOS 4.0 and higher.
To configure a dial-up VPN to authenticate via WebAuth on your Juniper Networks NetScreen device, perform the following steps:

Open the WebUI. For more information on accessing the WebUI, go to
Accessing Your NetScreen Using the WebUI.

From the NetScreen options menu, click
Objects, select
Users, and then click
Local.


From the
Local page, click
New.


In the
User Name text box, enter a user name.


Click to select
Simple Identity.


In the
IKE Identity text box, enter an IKE identity.

Click to select
Authentication User, and in the
User Password and
Confirm Password text boxes, enter a password, and then confirm it.


Click
OK.

From the NetScreen options menu, click
VPNs, select
AutoKey Advanced, and then click
Gateway.


From the
Gateway page, click
New.


In the
Gateway Name text box, enter a gateway name.


From
Remote Gateway Type, click to select
Dialup User, and in the
User drop-down menu, click to select the IKE user name.


In the
Preshared Key text box, enter a preshared key.


In the
Outgoing Interface drop-down menu, click to select
ethernet3.


Click
Advanced.

From
User Defined, click to select
Custom.


In the
Phase 1 Proposal drop-down menu, click to choose an encryption level.

From
Mode (Initiator), click to select
Aggressive.


Click
Return.


Click
OK.


From the NetScreen options menu, click
VPNs, and then click
AutoKey IKE.


From the
AutoKey IKE page, click
New.


In the
VPN Name text box, enter a VPN name. From
Security Level, click to select
Custom.


From
Remote Gateway, click to select
Predefined, and then in the
Predefined drop-down menu, click to select the remote gateway.

Click
Advanced.


From
Phase 2 Proposal, click to choose an encryption level.


Click
Return.


Click
OK.


From the NetScreen options menu, click
Policies.


In the
From drop-down menu, click to select
Untrust, and in the
To drop-down menu, click to select
Trust.


Click
New.

From
Source Address, click to select
Address Book, and then in the drop-down menu, click to select
Dial-Up VPN.


From
Destination Address, click to select
New Address, and then in the text box, enter the WebAuth IP address.

In the
Service drop-down menu, click to select
HTTP, and in the
Action drop-down menu, click to select
Tunnel.


In the
Tunnel VPN drop-down menu, click to select the dial-up VPN.

Click
OK.


Configure the NetScreen-Remote client. For more information, go to
Configuring a Dial-Up VPN to Authenticate via WebAuth on Your Juniper Networks NetScreen-Remote Client.