Netscreen 5GT to Netscreen 5GT VPN

Greetings,

I am truly a novice at installing firewall equipment. That stated, I need specific step-by-step instructions for setting up each of the following machines.

                         Office Client====NETSCREEN 5GT====VPN Tunnel======(((Internet)))=====VPN Tunnel===NETSCREEN 5GT=======Home Computer
           (Windows 2003 Server Domain)

1. The first thing that I would like to do is be able to remotely access the WebUI of the Netscreen 5GT from my off site computer (not in diagram) in order to administer the 5GT box on each end.
2. I need to know the exact step-by-step procedure that must be taken in order to click an icon on the "Home Computer" desktop and be working on the office client desktop.
3. I would prefer to shield the server so that its involvement is transparent.
4. I read a considerable number of VPN posts on the internet and each one has some good points, but none thus far have employed a step-by-step best practice for deploying this fairly basic VPN.

EdCon Asked:
Rick Hobbs (RETIRED) Commented:
It is very easy to set up. You can set up a network-to-network VPN by using the ScreenOS VPN wizard. Just log in to the local unit and use the wizard, and then go home and use the wizard on that one. Or if someone is available at both locations (preferable) you can configure and test without having to run back and forth to make changes.
0
EdCon (Author) Commented:
Thanks...

Are there any step-by-step directions for a Netscreen 5GT out there? Do any configs have to be done to the server? Do any configs have to be done to the office client or home computer? Do certificates have to be created for better security? I am sorry, but I need to have fully explained answers. Do you have this info, rickhobbs, or are there any Netscreen gurus out there?


Thanks again,
EdCon
0
EdCon (Author) Commented:
Greetings,

My purpose is to get the VPN up, but I would also like to be able to employ "Best Practices". Do they exist? The data in this case is medical and must be protected. Do I need to employ L2TP? SSL? What is the best? IKE? etc...

Thanks sincerely,


EdCon
0
jabiii Commented:
EdCon, give me a few minutes and I will try to make this simple for you.
0
jabiii Commented:
So you are using 2 NS5GTs, correct? What mode did you have in mind for them? Layer 3 route/NAT mode or Layer 2 transparent mode?
0
jabiii Commented:
This might help too:
http://www.experts-exchange.com/Networking/Broadband/VPN/Q_21816378.html#16525747

If you need more help as far as the setup and best practices for the GT, let me know and I will give you my recommendations, but I'd need some kind of layout from you as far as how you wanted them implemented, and which one or both.

If you need more help with choosing which mode to be in, let me know that too.

Jim
0
EdCon (Author) Commented:
jabiii,

Thank you for the help... I will need to speak to you one day... I figured the thing out on my own and my head is on fire... I am able to ping the remote IP... Now having some difficulty setting up the remote desktop on the remote machine. I cannot remote into the machine locally... Any "Best Practices" troubleshooting for Remote Desktop?


EdCon
0
jabiii Commented:
Well, not setting up the service, but as far as the VPN is concerned, lock it down :) Create your service, and lock the RD down to only those IPs that need it.

Best policy for any VPN/FW is to deny by default, allow by exception. (Note: if there are no policies created, the default from the factory is allow; however, you can change this. set/unset policy default, followed by get policy, will show you which is active.)
Read logs.
Screen everything on the external interface, and most stuff on the internal.

I think there was another thread where a bunch of us had best practices for security; if I find it I will put it here for ya.

As far as your other problem: you're able to ping the remote IP, that being the IP of the server or VPN?
And remote desktop to the server behind the VPN through the tunnel, right? You have to have your custom service set up (TCP 3389), and a policy allowing it. You also need to verify that RD is running and doesn't have any firewalls/routers blocking RD into it (software or hardware).
Hmm, OK, too early in the morning, my brain hurts now!

Jim
0
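As an added example (not part of any post in this thread), the advice above to lock Remote Desktop down to the IPs that need it and to deny by default can be checked against a saved ScreenOS configuration. The script assumes the config is plain text in `set` syntax; the zone, address, VPN and service names in the sample are constructed.

```python
import shlex

# Constructed sample in ScreenOS "set" syntax; names and addresses are made up.
SAMPLE_CONFIG = '''
set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389
set address "Untrust" "home-pc" 192.168.2.10 255.255.255.255
set address "Trust" "office-client" 192.168.1.10 255.255.255.255
set policy id 1 from "Untrust" to "Trust" "home-pc" "office-client" "RDP" tunnel vpn "home-vpn" log
set policy id 2 from "Untrust" to "Trust" "Any" "office-client" "RDP" permit
set policy id 3 from "Untrust" to "Trust" "home-pc" "Any" "ANY" permit log
set policy default-permit-all
'''

def rdp_services(lines, port=3389):
    """Custom TCP services whose destination port range includes RDP."""
    names = set()
    for tok in lines:
        if tok[:2] == ["set", "service"] and "tcp" in tok and "dst-port" in tok:
            lo, hi = map(int, tok[tok.index("dst-port") + 1].split("-"))
            if lo <= port <= hi:
                names.add(tok[2])
    return names

def audit(config):
    """Return (policy id, finding) pairs for rules that leave RDP too open."""
    lines = [shlex.split(line) for line in config.splitlines() if line.strip()]
    rdp = rdp_services(lines)
    findings = []
    for tok in lines:
        if tok == ["set", "policy", "default-permit-all"]:
            findings.append(("default", "unmatched traffic is permitted"))
        elif len(tok) >= 12 and tok[:3] == ["set", "policy", "id"] and tok[4] == "from":
            pid, (src, dst, svc), action = tok[3], tok[8:11], tok[11:]
            if svc == "ANY":
                findings.append((pid, "service ANY is wider than RDP only"))
            if (svc in rdp or svc == "ANY") and src == "Any":
                findings.append((pid, "RDP allowed from any source address"))
            if "log" not in action:
                findings.append((pid, "no logging on this policy"))
    return findings

if __name__ == "__main__":
    for pid, finding in audit(SAMPLE_CONFIG):
        print(f"policy {pid}: {finding}")
```

Policy 1 in the sample, which names one source host, one destination, the RDP service only and logs, produces no findings.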
EdCon (Author) Commented:
Best Regards,

Up and running as planned...with your help


Thx again,

EdCon
0
jabiii Commented:
Sweet, *hi5*
Glad ya got it running, let me know how you like it once you get comfortable w/ it :)
0