This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Netscreen to ASL VPN

Hello out there

We have some Netscreen boxes around here (5, 5XP, 10, 25 ...), and I've got an ASL box @ home (currently running 2.022 with all updates - but I'll upgrade this weekend to the 3.040BETA, because of PPPoE Support)

Now I'm trying to set up an Tunnel between them (Actually an NS5XP and an ASL2.022). Especially with the SPIBASE Value I've got some probs. Somebody knows how to configure the Netscreen part correctly, i read in another thread that is is difficult to configure the Netscreen Part. Unfortunately I've found no further informations.

Any help will be greatly appreciated.

This thread was automatically locked due to age.

Parents

0 Gert Hansen over 23 years ago

Do you use manual mode or ike for the keyexchange?

Kind regards
Gert
Cancel
Vote Up 0 Vote Down

Cancel
0 Cagliostro over 23 years ago in reply to Gert Hansen

Hello Gert

I intend to use Manual Keys. At least until you say me now:
why doing that? use IKE, this would be much simpler ... I've
simply no experience with these auto - key stories ...

What I have so far on the ASL side:

Name:

  Perfect Forwarding Secrecy : no
  Secure Association: manual

  SPIBASE: 0x400
  ESP:  3des-md5-96
  ESPENCKEY:
  ESPAUTHKEY:


  Local interface:  ---- Untrusted
  Local subnet:  ---- local subnet
  Remote IP:  ---- Netscreen  Firewall IP
  Remote subnet: Office LAN

on the Netscreen counterpart:

REMOTE TUNNEL GATEWAY CONFIGURATION

Gateway Name

--------------------------------------------------------------------------------

Remote Gateway
      Static IP Address
      Peer ID   (optional) ---> optional ???
      Dialup User User/Group   None

Mode (Initiator)
Main (ID Protection)

--------------------------------------------------------------------------------

Phase 1 Proposal
  pre-g2-3des-md5

--------------------------------------------------------------------------------

Preshared Key
Local ID   (optional)

--------------------------------------------------------------------------------

Nat-traversal  Enable
       UDP Checksum  Enable
      Keepalive frequency   Seconds (0~20 Sec)

--------------------------------------------------------------------------------

Local SPI 1025
Remote SPI 1024 (0x400 on the ASL)

Greets from switzeland & Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Cagliostro over 23 years ago in reply to Gert Hansen

Hello Gert

I intend to use Manual Keys. At least until you say me now:
why doing that? use IKE, this would be much simpler ... I've
simply no experience with these auto - key stories ...

What I have so far on the ASL side:

Name:

  Perfect Forwarding Secrecy : no
  Secure Association: manual

  SPIBASE: 0x400
  ESP:  3des-md5-96
  ESPENCKEY:
  ESPAUTHKEY:


  Local interface:  ---- Untrusted
  Local subnet:  ---- local subnet
  Remote IP:  ---- Netscreen  Firewall IP
  Remote subnet: Office LAN

on the Netscreen counterpart:

REMOTE TUNNEL GATEWAY CONFIGURATION

Gateway Name

--------------------------------------------------------------------------------

Remote Gateway
      Static IP Address
      Peer ID   (optional) ---> optional ???
      Dialup User User/Group   None

Mode (Initiator)
Main (ID Protection)

--------------------------------------------------------------------------------

Phase 1 Proposal
  pre-g2-3des-md5

--------------------------------------------------------------------------------

Preshared Key
Local ID   (optional)

--------------------------------------------------------------------------------

Nat-traversal  Enable
       UDP Checksum  Enable
      Keepalive frequency   Seconds (0~20 Sec)

--------------------------------------------------------------------------------

Local SPI 1025
Remote SPI 1024 (0x400 on the ASL)

Greets from switzeland & Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data