Setting up a VPN Tunnel on a Juniper-NS5GT

Posted on 2009-04-22
Last Modified: 2012-06-27
I am not a networking professional (most of my work entails desktop support) and my networking knowledge does not extend much beyond my CompTIA Net+ certification. I have been employed by a small company who already has a 20 Client LAN on MS SBS 2003. The owner has asked me to allow him to access his desktop machine from his home. I assume the best/easiest way to go about this is with a VPN tunnel. They have a Juniper NS5GT firewall/VPN device in place. I need some basic instruction on creating the VPN connection.
I'm a bit confused as I only have experience with VNC with basic routers and forwarding the appropriate ports.

I have searched Juniper's KB but the language is a little over my head... any help would be appreciated.
Question by:dannyg280
    LVL 18

    Expert Comment

    2 main ways to set up VPNs on a Juniper

    Site to Site VPN - this is the most common usage and uses full IPsec tunnels between 2 firewalls; this link provides more info:

    Remote access VPN - this is also called a dial up VPN, where a small client app is installed on a laptop/PC and then used to connect to a firewall to create a VPN tunnel between the client and the firewall.

    Each of them will grant the access you need.

    So, if the owner has a VPN enabled firewall at home, I would go for the site to site VPN, and if he hasn't then go for the remote access (dial up VPN).
    LVL 67

    Expert Comment

    A good (easy config) free VPN client is Shrew. Step-by-step configuration example for Juniper is available at that site, too.
    LVL 18

    Expert Comment

    Nice link for the Shrew stuff.  Only ever used the NS Remote software before, so good to get something else to try.


    Author Comment

    Sorry about the delay getting back to you guys. Shrew looks awesome... one thing I'm not sure of in the documentation... what is the "IKE Identity" when setting up a new user? Is it the Identity of the user with local access?
    LVL 67

    Accepted Solution

    IKE identity is only used for finding the appropriate IKE (Phase 1) definition ("Autokey Advanced - Gateway"), with XAuth definition, Pre-Shared-Key or Certificate and so on.

    This is needed because a client cannot be assigned to a special Dial-In VPN definition without it.

    The IKE identity is not used further, by Windows, RADIUS or the like.
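
An added ScreenOS CLI example of the dial-up definition the accepted answer describes; it is not from the thread or from Juniper or Shrew documentation. The user name, IKE ID, pre-shared key, VPN name and desktop address are constructed placeholders, the `trust`/`untrust` names assume the NS5GT's default trust-untrust port mode, and lines starting with `#` are annotations, not commands.

```text
# Constructed placeholder values throughout; replace before use.

# 1. Local IKE user. The IKE ID is only a lookup label for Phase 1,
#    not a credential and not a Windows or RADIUS account name.
set user "owner" ike-id u-fqdn "owner@example.com"

# 2. Phase 1 gateway ("Autokey Advanced - Gateway" in the WebUI) bound
#    to that dial-up user. Aggressive mode carries the IKE ID in the
#    first message, so the firewall can select this gateway and its
#    pre-shared key for a peer that has no fixed IP address.
set ike gateway "owner-gw" dialup "owner" aggressive outgoing-interface untrust preshare "REPLACE-WITH-LONG-RANDOM-KEY" proposal pre-g2-3des-sha

# 3. Phase 2 (AutoKey IKE VPN) that uses the gateway above.
set vpn "owner-vpn" gateway "owner-gw" sec-level compatible

# 4. Policy: the dial-up client may reach only the owner's desktop.
set address trust "owner-desktop" 192.168.1.50/32
set policy top from untrust to trust "Dial-Up VPN" "owner-desktop" any tunnel vpn "owner-vpn"
```

The IKE ID entered in the Shrew client has to match the `ike-id` string exactly, or the firewall finds no Phase 1 definition for the connection. Because aggressive mode sends that ID unencrypted, the pre-shared key (plus XAuth, if enabled on the gateway) is what actually authenticates the client, so the key should be long and random.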
