For those who might be interested
Netscreen 5XP OS 4
==================
IP : Dynamic address
Gateway:
--------
STATIC IP : 212.35.100.66 (astaro wan ip)
Security level: standard
preshared key :xxxxxxx
P2 Proposal:
------------
PFS[:D]H-5
ENCAPSULATION:ESP
Encryption/Auth: 3DES/SHA
Lifetime: 28800
AutoKey IKE:
------------
Security level: the P2 proposal defined above
Object network:
---------------
Define HOME_LAN (netscreen trusted network)
Define CORP_LAN (Astaro trusted LAN)
Create bi-directionnal policy
home --> corp: tunnel (VPN name defined in autoKey IKE)
corp --> LAN: tunnel (same)
ASTARO 3.2 (Static IP)
==========
Define the same networks if needed (the trusted CORP_LAN is often already there)
Define new Remote Key:
PSK - same preshared key
New connection:
---------------
Policy:
local endpoint: WAN interface
remote endpoint: Dynamic IP
Local Subnet: CORP_LAN
remote subnet: HOME_LAN
Key: the one defined above.
Filter Rule:
------------
add a rule from HOME --> CORP allowing the services needed
This thread was automatically locked due to age.