Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Configuring an L2TP Group Gateway and VPN on the Juniper Firewall

0

0

Article ID: KB4181 KB Last Updated: 17 Jun 2010Version: 7.0
Summary:
Configuring an L2TP Group Gateway and VPN on the Juniper Firewall
Symptoms:

Solution:

Note: This article applies to ScreenOS 5.0 and above.

 

To configure an L2TP group gateway and VPN on the Juniper Firewall, perform the following steps:

 

Step one: Open the WebUI. For an example of how to access the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI

Step two: From the ScreenOS options menu, click VPNs, select AutoKey Advanced, and then click Gateway.

Image of step two


Step three: Click New.

Image of step three


Step four: From the Edit screen, enter a Gateway Name. From Security Level, click Custom.

Note: For this example, we entered JohnDoeGate.

Image of step four and five

Step five: From Remote Gateway Type, click to select Dialup User Group. From the Group drop-down menu, click to select your group.

Note: For this example, we selected usergroup1.

Step six: From the Preshared Key text box, enter a Preshared Key.

Note: For this example, we have entered Password9.

Image of step six

Step seven: From Outgoing Interface, click to select your external interface. Then click Advanced.

Note: For this example, the public external interface is the untrust interface on a 5GT in trust-untrust mode. 

Image of step seven

Step eight: From Phase 1 Proposal drop-down menu, click to choose a proposal.

Note: For this example, we chose pre-g2-des-sha. When choosing the Phase 1 Proposal, you must select pre for the proposal.

Image of step eight and nine

Step nine: From Mode (Initiator), click to select Aggressive.

Step ten: Click Return.

Image of step ten

Step eleven: Click OK.

Image of step eleven

Step twelve: From the ScreenOS options menu, click VPNs, select AutoKey IKE.

Image of step twelve

Step thirteen: Click New.

Image of step thirteen

Step fourteen: From VPN Name, enter a VPN Name. Click to select Custom.

Note: For this example, we entered JohnDoeIke.

Image of step fourteen and fifteen

Step fifteen: From the Remote Gateway drop-down menu, click to select a Remote Gateway.

Note: For this example, we chose JohnDoeGate.

Step sixteen: Click Advanced.

Image of step sixteen

Step seventeen: From User Defined, click to select Custom. From the Phase 2 Proposal drop-down menus, click to choose the Phase 2 Proposal settings.

Note: For this example, we chose nopfs-esp-des-md5, nopfs-esp-3des-md5, nopfs-esp-des-sha, and nopfs-esp-3des-sha.

Image of step seventeen and eighteen

Step eighteen: From Transport Mode, click (For L2TP-over-IPSec only). From Bind to, click None.

Step nineteen: Click Return.

Image of step nineteen

Step twenty: Click OK.

Image of step twenty

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search