Netscreen 5GT to Netscreen 5GT VPN

Greetings,

I am truly a novice at installing firewall equipment. That stated, I need specific step-by-step instructions for setting up each of the following machines.

                         Office Client====NETSCREEN 5GT====VPN Tunnel======(((Internet)))=====VPN Tunnel===NETSCREEN 5GT=======Home Computer
           (Windows 2003 Server Domain)

1. The first thing that I would like to do is be able to remotely access the WebUI of the Netscreen 5GT from my off site computer (not in diagram) in order to administer the 5GT box on each end.
2. I need to know the exact step-by-step procedure that must be taken in order to click an icon on the "Home Computer" desktop and be working on the office client desktop.
3. I would prefer to shield the server so that its involvement is transparent.
4. I read a considerable number of VPN posts on the internet and each one has some good points, but none thus far have employed a step-by-step best practice for deploying this fairly basic VPN.
Asked by: EdCon
1 Solution
 
Rick HobbsRETIREDCommented:
It is very easy to set up. You can set up a network-to-network VPN by using the ScreenOS VPN wizard. Just log in to the local unit and use the wizard, and then go home and use the wizard on that one. Or, if someone is available at both locations (preferable), you can configure and test without having to run back and forth to make changes.
0
 
EdConAuthor Commented:
Thanks...

Are there any step-by-step directions for a Netscreen 5GT out there? Do any configs have to be done to the server? Do any configs have to be done to the office client or home computer? Do certificates have to be created for better security? I am sorry, but I need to have fully explained answers. Do you have this info, rickhobbs, or are there any Netscreen gurus out there?


Thanks again,
EdCon
0
 
EdConAuthor Commented:
Greetings,

My purpose is to get the VPN up, but I would also like to be able to employ "Best Practices". Do they exist? The data in this case is medical and must be protected. Do I need to employ L2TP? SSL? What is the best? IKE? etc...

Thanks sincerely,


EdCon
0
 
jabiiiCommented:
EdCon, give me a few minutes and I will try to make this simple for you.
0
 
jabiiiCommented:
So you are using 2 NS5GTs, correct? What mode did you have in mind for them? Layer 3 route/NAT mode or Layer 2 transparent mode?
0
 
jabiiiCommented:
This might help too:
http://www.experts-exchange.com/Networking/Broadband/VPN/Q_21816378.html#16525747

If you need more help as far as the setup and best practices for the GT, let me know and I will give you my recommendations, but I'd need some kind of layout from you as far as how you wanted them implemented and which one or both.

If you need more help with choosing which mode to be in, let me know that too.

Jim
0
 
EdConAuthor Commented:
jabiii,

Thank you for the help... I will need to speak to you one day... I figured the thing out on my own and my head is on fire... I am able to ping remote IP... Now having some difficulty setting up the remote desktop on the remote machine. I cannot remote into the machine locally... Any "Best Practices" troubleshooting for Remote Desktop?


EdCon
0
 
jabiiiCommented:
Well, not setting up the service, but as far as the VPN is concerned, lock it down :) Create your service, and lock the RD down to only those IPs that need it.

Best policy for any VPN/FW is to deny by default, allow by exception. (Note: if there are no policies created, the default from the factory is allow; however, you can change this (set/unset policy default, followed by get policy, will show you which is active).)
Read logs.
Screen everything on the external interface, and most stuff on the internal.

I think there was another thread where a bunch of us had best practices for security, if I find it I will put it here for ya.



As far as your other problem: you're able to ping the remote IP, that being the IP of the server or VPN?
And remote desktop to the server behind the VPN through the tunnel, right? You have to have your custom service set up (TCP 3389), and a policy allowing it. Also need to verify that RD is running and doesn't have any firewalls/routers blocking RD into it (software or hardware).
Hmm, OK, too early in the morning, my brain hurts now!

Jim
0
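The troubleshooting step in the post above (ping across the tunnel works, Remote Desktop does not), as an added example that is not part of the original thread: a Python probe that classifies a TCP 3389 connection attempt so you can tell a missing firewall policy from an RDP service that is not listening. The function names and the advice wording are assumptions of this example; run it from the home side against the office client's address.

```python
import socket
import sys

RDP_PORT = 3389  # TCP port named in the thread for Remote Desktop

# Advice text is this example's own wording, not vendor documentation.
ADVICE = {
    "open": "Handshake completed: tunnel, policy and RDP listener are working.",
    "refused": "Host answered with a reset: traffic passes the tunnel and "
               "policy, but nothing is listening (or a host firewall rejects).",
    "filtered": "No answer before the timeout: packets are dropped, e.g. no "
                "policy permits the TCP 3389 service or a host firewall drops it.",
    "unreachable": "No route or name resolution failure: check the tunnel "
                   "status and routing before looking at policies.",
}


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"          # RST came back from the target
    except socket.timeout:
        return "filtered"         # silently dropped somewhere on the path
    except OSError:
        return "unreachable"      # ICMP unreachable, DNS failure, no route
    finally:
        sock.close()


def diagnose(host, port=RDP_PORT, timeout=3.0):
    """Return (state, advice) for a single probe."""
    state = probe_tcp(host, port, timeout)
    return state, ADVICE[state]


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: rdp_probe.py HOST [PORT]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else RDP_PORT
    result, hint = diagnose(sys.argv[1], target_port)
    print(f"{sys.argv[1]}:{target_port} -> {result}: {hint}")
```

A successful ping only shows that ICMP is permitted through the tunnel; the probe result shows what happens to the TCP 3389 traffic itself.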
 
EdConAuthor Commented:
Best Regards,

Up and running as planned...with your help


Thx again,

EdCon
0
 
jabiiiCommented:
Sweet, *hi5*
Glad ya got it running, let me know how you like it once you get comfortable w/it :)
0