Netscreen – Creating a route-based VPN

This guide shows how to create a route-based VPN on a Netscreen firewall using the firewall's web GUI. It was written against ScreenOS version 6.2.0r1.0.
The encryption domain used throughout this guide is:

  • Local Gateway : 1.1.1.1
  • Local Endpoint : 10.1.1.25/24
  • Remote Gateway : 192.168.1.107
  • Remote Endpoint : 172.28.16.0/24

Create Tunnel Interface

  1. Go to “Network | Interfaces”.
  2. Select “Tunnel IF” from the drop-down and click New.
  3. Enter the tunnel interface name (a number; the interface is created as tunnel.N).
  4. Select the Zone. This is the zone the tunnel interface belongs to (Untrust in this guide, matching the policies below) and it determines the Virtual Router the interface is placed in.
  5. Select Unnumbered and choose the interface whose IP address the tunnel interface will borrow. This will be your local interface, the one the unencrypted traffic arrives on.

Add the Gateway (Phase 1)

  1. Go to “VPNs | AutoKey Advanced | Gateway” and click New.
  2. Enter the “Gateway Name”.
  3. Select “Static IP Address” and enter the remote gateway IP (192.168.1.107 in this guide).

[Screenshot: Gateway - Gateway Name]

  1. Select “Advanced”.
  2. Enter your “Preshared Key”. Use a long, random key; it is the only thing authenticating the peer.
  3. Select your “Outgoing Interface”. This will normally be your Untrust interface.
  4. Select “User Defined | Custom” and select your Phase 1 proposal. It must match the remote peer exactly; prefer an AES/SHA proposal over the DES/MD5 presets.
  5. Select “Return”.
  6. Select “OK”.

[Screenshot: Gateway - Preshared Key]

Configure Phase 2

  1. Click “VPNs | AutoKey IKE | New”.
  2. Enter your “VPN Name”.
  3. Select the gateway you created above.

[Screenshot: AutoKey IKE - VPN Name]

  1. Click “Advanced”.
  2. Select “User Defined | Custom”.
  3. Select your Phase 2 proposal (again, it must match the remote peer).
  4. Under Bind to, select “Tunnel Interface” and choose the tunnel interface you created earlier.
  5. Select “Proxy-ID” and add your local and remote networks (10.1.1.0/24 and 172.28.16.0/24 here). These must be the mirror image of the proxy-IDs configured on the remote peer, otherwise Phase 2 will not negotiate.
  6. Select “Return”.
  7. Select “OK”.

[Screenshot: AutoKey IKE - Security Level]

Add Policy

  1. Create a new policy from Trust to Untrust (the zone the tunnel interface is in).
  2. Add your source and destination addresses and select “Position at Top”.
  3. Set the Action to “Permit”.
  4. Click “OK”.
  5. Create a second policy from Untrust to Trust for the return traffic.

Add a route

  1. Create a route within the required virtual router (the default is trust-vr) for the remote endpoint, 172.28.16.0/24.
  2. Select “Gateway” as the next hop.
  3. Select your tunnel interface from the drop-down. No gateway IP address is needed for a tunnel interface; the route simply sends the traffic into the tunnel, where the bound VPN encrypts it.

[Screenshot: Route - Virtual Router Name]
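The whole procedure above entered from the ScreenOS CLI instead of the GUI, as an added example that is not part of the original tutorial. The object names (tunnel.1, gw-remote, vpn-remote, local-lan, remote-lan), the physical interfaces ethernet0/0 (Trust) and ethernet0/1 (Untrust), the proposals and the placeholder pre-shared key are assumptions; the proxy-ID local network is taken as 10.1.1.0/24, the subnet containing the 10.1.1.25/24 endpoint listed at the top. Lines beginning with ## are annotations, not CLI input.

```screenos
## Added example (not from the original tutorial): ScreenOS 6.2 CLI equivalent
## of the GUI steps. Interface names, object names, proposals and the
## pre-shared key are assumptions; change them to match your firewall.

## 1. Tunnel interface in the Untrust zone (trust-vr), unnumbered, borrowing
##    the address of the assumed Trust-side interface ethernet0/0.
set interface tunnel.1 zone untrust
set interface tunnel.1 ip unnumbered interface ethernet0/0

## 2. Phase 1 gateway: static remote IP, main mode, assumed Untrust interface
##    ethernet0/1 as outgoing interface, pre-shared key, custom proposal
##    (AES-128 / SHA-1 / DH group 2 instead of the DES/MD5 presets).
##    Use a long random key and the identical proposal on both peers.
set ike gateway gw-remote address 192.168.1.107 main outgoing-interface ethernet0/1 preshare "CHANGE-ME-long-random-psk" proposal pre-g2-aes128-sha

## 3. Phase 2 VPN with anti-replay, bound to the tunnel interface, with
##    explicit proxy-IDs. Local 10.1.1.0/24 is the subnet containing
##    10.1.1.25/24; it must be the mirror image of the remote peer's
##    proxy-ID (their remote = our local) or Phase 2 will not come up.
set vpn vpn-remote gateway gw-remote replay tunnel idletime 0 proposal g2-esp-aes128-sha
set vpn vpn-remote bind interface tunnel.1
set vpn vpn-remote proxy-id local-ip 10.1.1.0/24 remote-ip 172.28.16.0/24 any

## 4. Address objects and a policy in each direction, positioned at the top.
set address trust local-lan 10.1.1.0 255.255.255.0
set address untrust remote-lan 172.28.16.0 255.255.255.0
set policy top from trust to untrust local-lan remote-lan any permit log
set policy top from untrust to trust remote-lan local-lan any permit log

## 5. Route for the remote endpoint via the tunnel interface (trust-vr, the
##    default virtual router). No gateway IP is required for a tunnel.
set route 172.28.16.0/24 interface tunnel.1

save

## Verification, after sending some traffic towards 172.28.16.0/24:
## tunnel interface state, Phase 1 SA, Phase 2 SA, and the routing decision.
get interface tunnel.1
get ike cookies
get sa active
get route ip 172.28.16.1
get policy from trust to untrust
```

If `get ike cookies` shows no entry for 192.168.1.107, Phase 1 failed: check the pre-shared key, the outgoing interface and that the Phase 1 proposal is identical on both sides. If Phase 1 is up but `get sa active` shows no SA, the Phase 2 proposal or the proxy-IDs do not mirror the peer's. If both SAs exist but traffic does not flow, `get route ip 172.28.16.1` should name tunnel.1; if it does not, the route or its virtual router is wrong.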

Rick Donato
