
Netscreen - Basic Remote Access (Dial up) VPN

This guide shows how to create a basic Remote Access VPN using pre-shared keys.

It presumes that you already have the Netscreen Remote VPN Client installed on your local machine, and it was written using the following software versions:

  • ScreenOS - 6.2.0r1.0
  • Netscreen Remote VPN Client - 10.8.3 (Build 6)

Below is an outline of the required steps:

  1. Create User
  2. Create Group
  3. Create Phase 1 Proposals
  4. Create Phase 2 Proposals
  5. Create Policy
  6. Configure your Netscreen Remote VPN Client

This example allows us to connect to the subnet 192.168.1.0/24 (Trust interface). Our client will connect to the Netscreen on the Untrust interface using the IP address 1.1.1.1.

Create User

  1. Go to "Objects > Users > Local" and click New
  2. Create a new user with the following details.

                Username: User1
                Status: Enable
                Click IKE User
                Number of Multiple Logins: 1
                Click Simple Identity
                IKE Identity: [email address; hidden by the site's spam protection]

  3. Click OK

Create Group

  1. Go to "Objects | User Groups | Local"
  2. Create a new user group and add your newly created user.

Create Phase 1 Proposals

  1. Go to "VPNs | AutoKey | Advanced | Gateways | New"
  2. Add your "Gateway Name"
  3. Select "Remote Gateway | Dialup User Group" and choose your group from the drop down menu.
  4. Click Advanced
  5. Add your "Preshared Key"
  6. Add your Outgoing Interface (this is the interface on which you connect to your Netscreen, so normally this will be Untrust)
  7. Select "Security Level | User Defined | Custom" and choose "pre-g1-des-md5"
  8. Select "Mode | Aggressive"
  9. Click Return
  10. Click OK

Create Phase 2 Proposals

  1. Click "VPNs | AutoKey IKE | New"
  2. Add your VPN Name
  3. Select "Remote Gateway | Predefined" and choose your previously created gateway from the drop down.
  4. Select Advanced
  5. Select "Security Level | User Defined | Custom" and select "g2-esp-3des-md5" from the drop down menu.
  6. Select Return
  7. Select OK

Create Policy

  1. Select "Policy | Policies"
  2. Select "From Untrust to Trust"
  3. Select "Dial-Up VPN" for the source address
  4. Add a new address of "192.168.1.0/24" for the destination address.
  5. Select "Action : Tunnel"
  6. Select your Dialup VPN created previously for the Tunnel.
  7. Select "Position at Top"
  8. Click "OK"

Configure your Netscreen Remote VPN Client

  1. Launch NetScreen-Remote Security Policy Editor
  2. Right Click "My Connections" and Select Add
  3. Name your new connection
  4. Add the following to the various sections:



Remote Party Identity and Addressing

  • ID Type: IP Subnet
  • Subnet: 192.168.1.0
  • Netmask: 255.255.255.0
  • Click Connect using Secure Gateway Tunnel
  • ID Type: IP Address: 1.1.1.1

My Identity

  • Select Certificate: None
  • ID Type: Email address: [email address; hidden by the site's spam protection]
  • Click Pre-Shared Key and Enter Key (in this case it's netscreen)
  • Enter the Pre-shared key netscreen

Security Policy

  • Select Phase 1 Negotiation Mode: Aggressive
  • Select Enable Perfect Forward Secrecy (PFS)
  • PFS Key Group: Diffie-Hellman Group 2
  • De-select "Enable Replay Detection"

Authentication (Phase 1)

  • Select Proposal 1
  • Encryption Alg: Triple DES
  • Hash Alg: MD5
  • SA Life: Unspecified
  • Key Group: Diffie-Hellman Group 2

Key Exchange (Phase 2)

  • Select Proposal 1
  • Encrypt Alg: Triple DES
  • Hash Alg: MD5
  • Encapsulation: Tunnel

Click Save
Right click the Netscreen icon and choose Connect.
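
Before connecting, it is worth checking that the gateway and client proposals agree. The following is an added example, not part of the original guide: it decodes the ScreenOS predefined proposal names chosen in the steps above and compares them with the client settings listed in this guide. The function names and the list of deprecated algorithms are assumptions made for the example.

```python
import re

# ScreenOS predefined proposal names encode their parameters:
#   Phase 1: <auth>-g<dh>-<enc>-<hash>        e.g. pre-g1-des-md5
#   Phase 2: (g<dh>|nopfs)-esp-<enc>-<hash>   e.g. g2-esp-3des-md5
P1 = re.compile(r"^(pre|rsa|dsa)-g(\d+)-([a-z0-9]+)-(md5|sha)$")
P2 = re.compile(r"^(?:g(\d+)|nopfs)-esp-([a-z0-9]+)-(md5|sha)$")

# Assumption for this example: values generally treated as deprecated
# for new IKE/IPsec deployments.
WEAK = {"enc": {"des"}, "hash": {"md5"}, "dh": {1, 2}}


def decode(name):
    """Return {'phase', 'dh', 'enc', 'hash'} for a predefined proposal name."""
    m = P1.match(name)
    if m:
        return {"phase": 1, "dh": int(m.group(2)), "enc": m.group(3), "hash": m.group(4)}
    m = P2.match(name)
    if m:
        dh = int(m.group(1)) if m.group(1) else None  # None means PFS is off
        return {"phase": 2, "dh": dh, "enc": m.group(2), "hash": m.group(3)}
    raise ValueError(f"unrecognised proposal name: {name!r}")


def mismatches(gateway_name, client):
    """List the fields where the client differs from the gateway proposal."""
    gw = decode(gateway_name)
    return [f"{k}: gateway={gw[k]!r} client={client[k]!r}"
            for k in ("dh", "enc", "hash") if gw[k] != client[k]]


def weak_fields(name):
    """Fields of a proposal that use a deprecated algorithm or DH group."""
    p = decode(name)
    return [k for k in ("dh", "enc", "hash") if p[k] in WEAK[k]]


# Client values as listed in this guide, normalised to ScreenOS spellings
# (Triple DES -> "3des", Diffie-Hellman Group 2 -> 2).
CLIENT_P1 = {"dh": 2, "enc": "3des", "hash": "md5"}
CLIENT_P2 = {"dh": 2, "enc": "3des", "hash": "md5"}  # PFS Key Group 2

if __name__ == "__main__":
    for gw, client in (("pre-g1-des-md5", CLIENT_P1), ("g2-esp-3des-md5", CLIENT_P2)):
        print(gw, "| mismatches:", mismatches(gw, client) or "none",
              "| weak:", weak_fields(gw) or "none")
```

Run against the values in this guide, the check reports that "pre-g1-des-md5" decodes to DES with Diffie-Hellman Group 1, while the client's Phase 1 proposal lists Triple DES and Group 2. The Phase 2 settings match.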

About the Author

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001