Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Setting up a VPN Tunnel on a Juniper-NS5GT

Posted on 2009-04-22
Medium Priority
Last Modified: 2012-06-27
I am not a networking professional (most of my work entials desktop support) and my networking knowledge does not extend much beyond my Comptia Net+ certification. I have been employed by a small company who aleady has a 20 Client LAN on MS SBS 2003. The owner has asked me to allow him to access his desktop machine from his home. I assume the best/easiest way to go about this is with a VPN tunnel. They have a Juniper NS5GT firewall/VPN device in place. I need some basic instruction on creating the VPN connection.
I'm a bit confused as I  only have expernince with VNC with basic routers and forwarded the appropraite ports.

I have search Junipers KB but the language is a little over my head... any help would be apprecaited.
Question by:dannyg280
  • 2
  • 2
LVL 18

Expert Comment

ID: 24206811
2 main ways to set up VPNs on a Juniper

Site to Site VPN -this is the most common usage and uses full IPSEC tunnels between 2 firewalls, this link provides more info:

Remote access VPN - this is also called a dial up VPN, where a small client app is installed on a laptop/PC and then used to connect to a firewall to create a VPN tunnel between the client and the firewall.


Each of them will grant the access you need.

So, if the owner has a VPN enabled firewall at home, I would go for the site to site VPN and if he hasnt then go for the remote access (dial up VPN)
LVL 72

Expert Comment

ID: 24224088
A good (easy config) free VPN client is Shrew (www.shrew.net). Step-by-step configuration example for Juniper is available at that site, too.
LVL 18

Expert Comment

ID: 24224183
Nice link for the Shrew stuff.  Only ever used the NS Remote software before, so good to get something else to try.


Author Comment

ID: 24244514
Sorry about the delay getting back to you guys. Shew looks awesome... one thing I'm not sure of in the documention... what is the "IKE Identity" when setting up a new user? Is it the Identity of the user with local access?
LVL 72

Accepted Solution

Qlemo earned 2000 total points
ID: 24246114
IKE identity is only used for finding the appropriate IKE (Phase 1) definition ("Autokey Advanced - Gateway"), with XAuth definition, Pre-Shared-Key or Certificate aso.

This is needed because a client cannot be assigned to a special Dial-In VPN definition without.

The IKE identity is not used further, by Windows, RADIUS or alike.

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This program is used to assist in finding and resolving common problems with wireless connections.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question