Juniper SSG350M accepting Cisco IPSEC vpn connection

I have a Juniper SSG350M with firmware 6.3.0r17.0 and am using ScreenOS WebUI.  I need to let someone vpn in from a vpnc version 0.5.3r512 without creating a site to site vpn.  I'm not sure if it is possible to allow a Cisco IPsec vpn connection from a vpnc  client.  I need to allow someone access to a certain port on one of my servers.  Can someone confirm that this can be done and possibly put me in the right direction?  Thanks in advance.
jdltek Asked:
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Juniper ScreenOS is supported by vpnc, according to https://www.unix-ag.uni-kl.de/~massar/vpnc/.
So it should only be a matter of setting compatible IPSec and IKE parameters on both sides.
0
jdltek (Author) Commented:
Wouldn't that be a point to point connection?  I need it to be initiated from the vpnc side.  I was told by the person using the vpnc that they won't setup a site to site connection.
0
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Why should you think that? vpnc is a client, creating a client-2-site (or dial-in) connection.
0
jdltek (Author) Commented:
Sorry, I did not realize it was a client.  I have created a dialup vpn with screenos by following the following article, but it still isn't connecting.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB14878
0
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
The config example looks correct.
Any details? Is the vpnc client telling you anything? You should have at least an indication of how far the connection negotiation is progressing.
0
jdltek (Author) Commented:
VPN client returned 'vpnc: no response from target '.
0
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
That is indeed not helpful. Did you check the vpnc settings for using the same parameters?
Try to get something more informative from the client, and/or use the debugging features of ScreenOS. That is, on SSG in (telnet) CLI:
set sa-filter public.ip.of.vpnclient
clear dbuf
debug ike info
    now use vpnc, and wait some seconds
undebug all
get dbuf stream

Be prepared to get a lot of log data. We are especially after messages written in all caps, like NO_PROPOSAL_CHOSEN.
0
jdltek (Author) Commented:
This is the log file they sent me.    I don't see NO_PROPOSAL_CHOSEN.
comment.txt
0
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
vpnc is sending 24 (!) proposals, and the SSG might ignore anything beyond the fourth (#3) (or not). If you used the config example provided by Juniper, an appropriate proposal is #6 (the seventh one). Since there is nothing in the protocol other than the initial packet, I assume the proposal is the issue.
Configure the SSG to use this as the first proposal (this is the first sent by vpnc):
  AES 256bit, SHA-1, DH-2 (1024bit)

Again, you will get more details if you start debugging on SSG while vpnc connects.
0
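The proposal-ordering reasoning in the answer above, as an added Python example that is not part of the original thread. Only the first client proposal (AES-256, SHA-1, DH group 2) comes from the answer; the rest of the offer list and the gateway's "before" setting are constructed, and the four-proposal inspection limit is the answer's own guess.

```python
from typing import NamedTuple

class Proposal(NamedTuple):
    enc: str
    hash_alg: str
    dh_group: int

def select_proposal(offered, accepted, inspect_limit=None):
    """Return (index, proposal) for the first offered proposal the gateway
    accepts, or None. inspect_limit models a responder that only looks at
    the first N proposals of the initiator's list."""
    window = offered if inspect_limit is None else offered[:inspect_limit]
    for index, proposal in enumerate(window):
        if proposal in accepted:
            return index, proposal
    return None

def diagnose(offered, accepted, inspect_limit):
    """Classify the phase 1 outcome for a given gateway proposal set."""
    hit = select_proposal(offered, accepted, inspect_limit)
    if hit is not None:
        return f"match at proposal #{hit[0]}"
    late = select_proposal(offered, accepted)
    if late is not None:
        return (f"match only at proposal #{late[0]}, "
                f"beyond the first {inspect_limit} inspected")
    return "no common proposal (the NO_PROPOSAL_CHOSEN case)"

# Constructed offer list: only entry #0 is taken from the thread.
CLIENT_OFFER = [
    Proposal("aes256", "sha1", 2),  # first proposal vpnc sends, per the answer
    Proposal("aes256", "md5", 2),
    Proposal("aes192", "sha1", 2),
    Proposal("aes192", "md5", 2),
    Proposal("aes128", "sha1", 2),
    Proposal("aes128", "md5", 2),
    Proposal("3des", "sha1", 2),    # constructed entry placed at position #6
    Proposal("3des", "md5", 2),
]
GATEWAY_BEFORE = {Proposal("3des", "sha1", 2)}   # hypothetical gateway setting
GATEWAY_AFTER = {Proposal("aes256", "sha1", 2)}  # setting recommended in the answer

if __name__ == "__main__":
    print("before:", diagnose(CLIENT_OFFER, GATEWAY_BEFORE, inspect_limit=4))
    print("after: ", diagnose(CLIENT_OFFER, GATEWAY_AFTER, inspect_limit=4))
```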

jdltek (Author) Commented:
I'm sorry I did not get back to you.  I had them go through their client and make everything match what I had setup.  Thanks again!
0