I have been given a rather fun task. I should mention that, while I can deal with basic routing, switch config and so on, when it comes to VPNs, I am close to clueless.
Unfortunately, I've been trying for 3 weeks now, and I really need to find a solution. I'm trying to set up a Juniper SSG-20 with a VPN to a Cisco ASA 5500 at a remote site.
The situation is this:
I have a local network (10.0.0.0/8 - don't ask).
I need to set up a LAN to LAN VPN to another site. The other site's LAN address is 10.180.2.0/24.
The VPN peer (if that's the right terminology), changed to protect the innocent, is 184.108.40.206.
I've been given a pre-shared key and options to use for phase 1 and phase 2 (whatever they are).
Now, obviously the subnets of the VPN clash. I've been told I need to perform network address translation at our end so that IPs on our network appear as part of the range 10.90.238.0/24.
I've been playing around for a while now, and so far I've got as far as being rejected in the phase 1 section of negotiations, with an "invalid cookie" error (which makes no sense to me).
I would very much appreciate some assistance on this. Because I don't really know what I'm doing with regard to VPNs and NAT, configuration examples would be most welcome. The Juniper box at this end isn't doing anything else, so I can do whatever I want with it.