[ScreenOS] Configuring the NetScreen Device to Force all Dial-Up VPN Traffic Through the Device Before Going to the Internet

  [KB4396]


Summary:
Configuring the NetScreen Device to Force all Dial-Up VPN Traffic Through the Device Before Going to the Internet
Solution:

This article shows how to:

  • Create a tunnel interface for the route-based VPN
  • Create an IP pool
  • Create a new XAuth user
  • Create a new IKE ID user

 

To configure the NetScreen device side to force all dial-up VPN traffic through the NetScreen, perform the following steps:

  1. Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen Using the WebUI.
  2. From the NetScreen options menu, click Network, and then click Interfaces.
  3. Click New.
  4. In the Tunnel Interface Name text box, enter a tunnel name.

    For this example, we have entered 1.

  5. From the Zone drop-down menu, click to choose a Zone.
    For this example, we have selected Trust (trust-vr).
  6. Click to select Unnumbered, then from the Interface drop-down menu, click to choose an Interface.

    For this example, we have selected trust (trust-vr).

  7. Click OK.
  8. From the NetScreen options menu, click Objects, and then click IP Pools.
  9. Click New.
  10. On the Edit screen, enter an IP Pool Name, Start IP, and End IP.

    For this example, we have entered an IP Pool Name of XAuth Pool, a Start IP of 11.11.11.11, and an End IP of 11.11.11.20.

    Note: You must enter an IP Pool that is different from any other assigned address on the NetScreen device.

  11. Click OK.
  12. From the NetScreen options menu, click Objects, select Users, and then click Local.
  13. Click New.
  14. From Auth/IKE/L2TP/XAuth User, enter a User Name.
  15. Click to select Enable.
  16. Click to select XAuth User, enter a User Password, and then Confirm Password.
  17. In the IP Pool drop-down menu, click to select XAuth Pool.
  18. Click OK.
  19. From the NetScreen options menu, click Objects, select Users, and then click Local.
  20. Click New.
  21. From Auth/IKE/L2TP/XAuth User, enter a User Name.
  22. Click to select Enable.
  23. Click to select IKE User, and then click to select Simple Identity.
  24. In the IKE Identity text box, enter an IKE Identity.
  25. Click OK.
  26. To further configure the NetScreen device side, go to Configuring the NetScreen Device to Force all Dial-Up VPN Traffic Through the Device Before Going to the Internet (continued).
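
A check for the note in step 10 that the IP pool must differ from any other assigned address, as an added example that is not part of the original article: the Python below scans a saved configuration for interface addresses and other pools that fall inside the new pool's range. The sample configuration is constructed, and the `set interface ... ip` and `set ippool` line formats, the `L2TP Pool` name, the interface addresses, and the function names are assumptions for illustration.

```python
import ipaddress
import shlex

# Constructed sample of ScreenOS-style configuration lines (not from a real device).
SAMPLE_CONFIG = '''
set interface trust ip 192.168.1.1/24
set interface untrust ip 1.1.1.1/24
set interface tunnel.1 ip unnumbered interface trust
set ippool "XAuth Pool" 11.11.11.11 11.11.11.20
set ippool "L2TP Pool" 11.11.11.18 11.11.11.30
'''

def parse_config(text):
    """Return (interfaces, pools): {name: address} and {name: (start, end)}."""
    interfaces, pools = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)  # honours the quoted pool names
        if tok[:2] == ["set", "interface"] and len(tok) == 5 and tok[3] == "ip":
            try:
                interfaces[tok[2]] = ipaddress.ip_interface(tok[4]).ip
            except ValueError:
                continue  # not an address/prefix value, nothing to compare
        elif tok[:2] == ["set", "ippool"] and len(tok) == 5:
            start, end = (ipaddress.ip_address(a) for a in tok[3:5])
            if start > end:
                raise ValueError(f"pool {tok[2]!r}: start IP is above end IP")
            pools[tok[2]] = (start, end)
    return interfaces, pools

def pool_conflicts(text, pool_name):
    """List what already uses an address inside the named pool's range."""
    interfaces, pools = parse_config(text)
    start, end = pools[pool_name]
    found = []
    for name, addr in interfaces.items():
        if start <= addr <= end:
            found.append(f"interface {name} uses {addr}")
    for other, (o_start, o_end) in pools.items():
        if other != pool_name and o_start <= end and start <= o_end:
            lo, hi = max(start, o_start), min(end, o_end)
            found.append(f"pool {other!r} overlaps {lo}-{hi}")
    return found

if __name__ == "__main__":
    for problem in pool_conflicts(SAMPLE_CONFIG, "XAuth Pool"):
        print(problem)
```

An empty result means no interface address or other pool in the parsed lines falls inside the pool; unnumbered interfaces such as `tunnel.1` carry no address of their own and are skipped.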
Modification History:
2019-03-05: Content reviewed for accuracy. Fixed broken links.