johnp338

Juniper Netscreen 5GT vpn client setup help
I am trying to do a favor for a friend of mine, the owner of a medical practice (which I sometimes do a bit of work for) who is trying to get access to his office LAN. The party that configured their network was the local hospital, but they have thus far been unhelpful in getting him remote access. Their office employs a Netscreen 5GT router, and the doctor has the Juniper VPN client and I would like to help him set up the two of them so that he has access to the office LAN. Unfortunately, my knowledge of networking does not seem to be sufficient for setting up the Netscreen, whose interface is very confusing to me. So basically I have a netscreen with no configuration settings aside from those which connect it to the local hospital and other offices via VPN tunnels.

I have searched around online, but have been unable to find any sort of guide that explains how to configure the router and the client properly to allow VPN access. If anyone can help me out, either by providing a resource, or by actually walking me through the setup, I would really appreciate it. Thanks


ASKER CERTIFIED SOLUTION
rsivanandan


amoldkelkar

Hi,
You can refer to the online technical document, which will explain to you the exact steps to configure the Netscreen firewall as well as the dialup client.
You just need to follow exactly how the document explains.
http://www.juniper.net/techpubs/software/screenos/screenos6.0.0/ce_all.pdf
Volume 5 > Virtual Private Networks > Dialup virtual private networks > Dialup > Policy or route based vpns
Go through the diagrammatic representation; it's fairly simple to understand and neat.
Any issues, let me know.

rsivanandan

Good, Amol has a point, take a look there as well. However, look for the SOS version that is running on your box. I don't believe 6.0 is supported on the 5GT [not sure though].

Cheers,
Rajesh

Hmm makes sense. Good point Rajesh.

VPN details in the doc won't change, but ya, you should refer to the 5.4 doc
http://www.juniper.net/techpubs/software/screenos/screenos5.4.0/CE_all.pdf

Bingo




johnp338

ASKER

Thanks to everyone for the helpful advice. To be honest, I found the guides rsivanandan posted links to the simplest to use, although I still got stuck on step number 40 of this guide (http://kb.juniper.net/CUSTOMERSERVICE/KB4175). The problem is that after having followed all of the previous steps (and I did try it three times, so I'm reasonably confident that I'm not making a mistake), my VPN tunnel name simply does not appear in the drop down box shown in step 40. The other VPN tunnels on the device do show up, but mine does not. I was hoping that someone might be able to give me a bit of help, since this seems to be almost the last step in the process. Thanks again.

rsivanandan

What SOS version are you running?

Cheers,
Rajesh

Did you create a VPN using the 27th step?
The same is seen in the drop down.

If any issues, just ping back.



Well, I was finally able to set up the 5GT side of things, but I am having a bit of trouble connecting via the remote client. I've set it up according to the directions, but as with the other set of directions, some settings are never touched on, so I can't be positive that they're right. I'm including a copy of the event log from the Netscreen Client, in hopes that it might be analyzed by someone who could help me out. Thanks.

 7-01: 16:53:30.593 Interface added: 10.32.0.102/255.255.255.0 on LAN "Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller".
 7-01: 16:53:31.093 Filter table loaded.
 7-01: 16:53:31.234 This is a  version of NetScreen-Remote.
 7-01: 16:54:14.265
 7-01: 16:54:14.281 My Connections\FHP Willard - Initiating IKE Phase 1 (IP ADDR=70.62.196.34)
 7-01: 16:54:14.843 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 7-01: 16:54:14.953 My Connections\FHP Willard - RECEIVED<<< ISAKMP OAK AG (SA, VID 3x, KE, NON, ID, HASH, VID, NAT-D 2x)
 7-01: 16:54:14.953 My Connections\FHP Willard - Peer supports Dead Peer Detection Version 1.0
 7-01: 16:54:14.953 My Connections\FHP Willard - Dead Peer Detection enabled
 7-01: 16:54:14.953 My Connections\FHP Willard - Peer is NAT-T draft-02 capable
 7-01: 16:54:14.953 My Connections\FHP Willard - Dead Peer Detection enabled
 7-01: 16:54:14.953 My Connections\FHP Willard - NAT is detected for Client
 7-01: 16:54:14.953 My Connections\FHP Willard - Floating to IKE non-500 port
 7-01: 16:54:15.125 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK AG *(HASH, NAT-D 2x, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
 7-01: 16:54:15.125 My Connections\FHP Willard - Established IKE SA
 7-01: 16:54:15.125    MY COOKIE 27 84 85 4c e7 14 62 12
 7-01: 16:54:15.125    HIS COOKIE d5 a7 77 a9 6e 24 8d ae
 7-01: 16:54:15.312
 7-01: 16:54:15.312 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID 2x)
 7-01: 16:54:30.921 My Connections\FHP Willard - QM re-keying timed out. Retry count: 1
 7-01: 16:54:30.921 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 7-01: 16:54:46.031 My Connections\FHP Willard - QM re-keying timed out. Retry count: 2
 7-01: 16:54:46.031 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 7-01: 16:55:01.031 My Connections\FHP Willard - QM re-keying timed out. Retry count: 3
 7-01: 16:55:01.031 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK QM *(Retransmission)
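
An added example, not part of the original thread: a small Python parser for the NetScreen-Remote event log format posted above that reports how far the IKE negotiation got. The sample lines are copied from that log (trimmed); the `analyze` function and its stage labels are hypothetical names chosen for this example.

```python
import re
from datetime import datetime

# Lines copied from the client event log posted above (trimmed to the IKE exchange).
SAMPLE_LOG = r"""
 7-01: 16:54:14.843 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 7-01: 16:54:14.953 My Connections\FHP Willard - RECEIVED<<< ISAKMP OAK AG (SA, VID 3x, KE, NON, ID, HASH, VID, NAT-D 2x)
 7-01: 16:54:15.125 My Connections\FHP Willard - Established IKE SA
 7-01: 16:54:15.312 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID 2x)
 7-01: 16:54:30.921 My Connections\FHP Willard - QM re-keying timed out. Retry count: 1
 7-01: 16:54:30.921 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 7-01: 16:54:46.031 My Connections\FHP Willard - QM re-keying timed out. Retry count: 2
 7-01: 16:54:46.031 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 7-01: 16:55:01.031 My Connections\FHP Willard - QM re-keying timed out. Retry count: 3
 7-01: 16:55:01.031 My Connections\FHP Willard - SENDING>>>> ISAKMP OAK QM *(Retransmission)
"""

# "<date>: <time> <connection> - <event>"
LINE = re.compile(r"^\s*\d+-\d+:\s+(\d\d:\d\d:\d\d\.\d+)\s+(.*?) - (.*)$")
EXCHANGE = re.compile(r"^(SENDING>>>>|RECEIVED<<<) ISAKMP OAK (\w+) ")
TIMEOUT = re.compile(r"^QM re-keying timed out\. Retry count: (\d+)")

def analyze(log_text):
    """Summarise how far the IKE negotiation in a client log got."""
    s = {"phase1_established": False, "qm_sent": 0, "qm_received": 0,
         "qm_retries": 0, "qm_wait_seconds": None}
    first_qm = last_timeout = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines, cookie dumps, interface messages
        stamp = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        event = m.group(3).strip()
        if event == "Established IKE SA":
            s["phase1_established"] = True
        elif (x := EXCHANGE.match(event)) and x.group(2) == "QM":
            if x.group(1).startswith("SENDING"):
                s["qm_sent"] += 1
                first_qm = first_qm or stamp
            else:
                s["qm_received"] += 1
        elif (t := TIMEOUT.match(event)):
            s["qm_retries"] = max(s["qm_retries"], int(t.group(1)))
            last_timeout = stamp
    if first_qm and last_timeout:  # time spent waiting for a Quick Mode reply
        s["qm_wait_seconds"] = round((last_timeout - first_qm).total_seconds(), 3)
    s["stage"] = ("phase1-incomplete" if not s["phase1_established"] else
                  "phase2-replied" if s["qm_received"] else
                  "phase2-no-reply" if s["qm_sent"] else "phase1-only")
    return s
```

On the posted log it reports that the IKE SA was established and that the Quick Mode message was sent four times (one original, three retransmissions) with no `RECEIVED<<<` reply.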

SOLUTION
dpk_wal
