1. The document describes the configuration of an IPSec tunnel between a PRESTO ADVANCED Router and a Juniper SSG firewall to establish site-to-site connectivity.
2. It provides details on configuring the IPSec tunnel on both the PRESTO router and Juniper firewall, including IP addresses, encryption settings, interfaces, routing, and policies.
3. The configuration involves setting up the tunnel interfaces, AutoKey IKE and IPsec proposals on both devices, and establishing routing and policies between the trusted and untrusted zones to allow connectivity over the secure IPSec tunnel.
Original Title
IPSec Tunnel configuration between GWR Router and Juniper SSG firewall.doc
IPSec Tunnel configuration between PRESTO ADVANCED
Router and Juniper SSG firewall
An IPSec tunnel is a type of VPN tunnel with a secure tunneling method. The diagram below (Figure 87) illustrates a simple network with a PRESTO ADVANCED Router and a Cisco Router. The idea is to create an IPSec tunnel for LAN to LAN (site to site) connectivity.

Figure 1 - IPSec tunnel between PRESTO ADVANCED Router and Cisco Router

The PRESTO ADVANCED Router's requirements:
Destination tunnel address should have a public static WAN IP address.
GSM/UMTS APN Type: For GSM/UMTS networks, PRESTO ADVANCED Router connections may require a Custom APN. A Custom APN allows for various IP addressing options, particularly static IP addresses, which are needed for most VPN connections. A custom APN should also support mobile terminated data that may be required in most site-to-site VPNs.

The PRESTO ADVANCED Router configuration:
Click Network Tab to open the LAN NETWORK screen. Use this screen to configure LAN TCP/IP settings. Configure IP address and Netmask.
- IP Address: 192.168.10.1,
- Subnet Mask: 255.255.255.0,
Press Save to accept the changes.

Figure 2 - Network configuration page for PRESTO ADVANCED Router

Use a SIM card with a static IP address, obtained from the Mobile Operator. Click WAN Settings Tab to configure parameters necessary for the GSM/UMTS connection. All parameters necessary for connection configuration should be obtained from the mobile operator. Check the status of the GSM/UMTS connection (WAN Settings Tab). If disconnected, please click Connect button.

Click VPN Settings : IPSEC to configure IPSEC tunnel parameters. Click Add New Tunnel button to create a new IPSec tunnel. Tunnel parameters are:

Add New Tunnel
- Tunnel Name: IPsec tunnel,
- Enable: true.

IPSec Setup
- Keying Mode: IKE with Preshared key,
- Mode: aggressive,
- Phase 1 DH group: Group 2,
- Phase 1 Encryption: 3DES,
- Phase 1 Authentication: SHA1,
- Phase 1 SA Life Time: 28800,
- Perfect Forward Secrecy: true,
- Phase 2 DH group: Group 2,
- Phase 2 Encryption: 3DES,
- Phase 2 Authentication: SHA1,
- Phase 2 SA Life Time: 3600,
- Preshared Key: 1234567890.
Local Group Setup
- Local Security Gateway Type: IP Only,
- Local ID Type: Custom,
- Custom Peer ID: 172.30.147.96,
- IP Address: SIM 1,
- Local Security Group Type: Subnet,
- IP Address: 192.168.10.0,
- Subnet Mask: 255.255.255.0.

Remote Group Setup
- Remote Security Gateway Type: IP Only,
- IP Address: 150.160.170.1,
- Remote ID Type: IP Address,
- Remote Security Group Type: Subnet,
- IP Address: 10.10.10.0,
- Subnet Mask: 255.255.255.0.

Advanced
- Compress (Support IP Payload Compression Protocol (IPComp)): false,
- Dead Peer Detection (DPD): false,
- NAT Traversal: true,
Press Save to accept the changes.

Figure 3 - IPSEC configuration page I for PRESTO ADVANCED Router
Figure 4 - IPSec configuration page II for PRESTO ADVANCED Router
Figure 5 - IPSec configuration page III for PRESTO ADVANCED Router

Click Start button on Internet Protocol Security page to initiate IPSEC tunnel. Click Start button and after that Connect button on Internet Protocol Security page to initiate IPSEC tunnel.

Figure 6 - IPSec start/stop page for PRESTO ADVANCED Router

On the device connected to the PRESTO ADVANCED router, set up default gateway 192.168.10.1.

The Juniper SSG firewall configuration:

Step 1 Create New Tunnel Interface
Click Interfaces on Network Tab.

Figure 7 - Network Interfaces (list)

Bind New tunnel interface to Untrust interface (outside int - with public IP address). Use unnumbered option for IP address configuration.

Figure 8 - Network Interfaces (edit)

Step 2 Create New VPN IPSEC tunnel
Click VPNs in main menu. To create a new gateway click Gateway on AutoKey Advanced tab.

Figure 9 - AutoKey Advanced Gateway

Click New button. Enter gateway parameters:
- Gateway name: TestPRESTO ADVANCED,
- Security level: Custom,
- Remote Gateway type: Dynamic IP address (because your PRESTO ADVANCED router is hidden behind the Mobile operator router's (firewall) NAT),
- Peer ID: 172.30.147.96,
- Preshared key: 1234567890,
- Local ID: 150.160.170.1.

Figure 10 - Gateway parameters

Click Advanced button.
- Security level User Defined: custom,
- Phase 1 proposal: pre-g2-3des-sha,
- Mode: Aggressive (must be aggressive because of NAT),
- NatTraversal: enabled,
- Click Return and OK.

Figure 11 - Gateway advanced parameters

Step 3 Create AutoKey IKE
Click VPNs in main menu. Click AutoKey IKE. Click New button.

Figure 12 - AutoKey IKE

AutoKey IKE parameters are:
- VPNname: TestPRESTO ADVANCED,
- Security level: Custom,
- Remote Gateway: Predefined,
- Choose VPN Gateway from step 2.

Figure 13 - AutoKey IKE parameters

Click Advanced button.
- Security level User defined: custom,
- Phase 2 proposal: pre-g2-3des-sha,
- Bind to Tunnel interface: tunnel.3 (from step 1),
- Proxy ID: Enabled,
- LocalIP/netmask: 10.10.10.0/24,
- RemoteIP/netmask: 192.168.10.0/24,
- Click Return and OK.

Figure 14 - AutoKey IKE advanced parameters

Step 4 Routing
Click Destination tab on Routing menu. Click New button. Routing parameters are:
- IP Address: 192.168.10.0/24,
- Gateway: tunnel.3 (tunnel interface from step 1),
- Click OK.

Figure 15 - Routing parameters

Step 5 Policies
Click Policies in main menu. Click New button (from Untrust to trust zone),
- Source Address: 192.168.10.0/24,
- Destination Address: 10.10.10.0/24,
- Services: Any.
Click OK.

Figure 16 - Policies from untrust to trust zone

Click Policies in main menu. Click New button (from trust to untrust zone),
- Source Address: 10.10.10.0/24,
- Destination Address: 192.168.10.0/24,
- Services: Any.
Click OK.

Figure 17 - Policies from trust to untrust zone
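
A consistency check for the two halves of this walkthrough, added here as an example (it is not part of the original document or of either vendor's tooling): the tunnel only comes up when mode, NAT-T, pre-shared key, proposals and IDs agree on both ends and the proxy IDs mirror each other. The dictionary layout, key names and function names are assumptions; the PRESTO values are normalised to the SSG proposal tokens (Group 2 as g2, 3DES as 3des, SHA1 as sha).

```python
import ipaddress
import re

# Values transcribed from the walkthrough; the dict layout, key names and
# function names are assumptions made for this example.
PRESTO = {
    "mode": "aggressive", "nat_t": True, "psk": "1234567890",
    "p1": ("g2", "3des", "sha"), "p2": ("g2", "3des", "sha"),
    "local_id": "172.30.147.96", "peer_gw": "150.160.170.1",
    "local_net": "192.168.10.0/255.255.255.0",
    "remote_net": "10.10.10.0/255.255.255.0",
}
SSG = {
    "mode": "aggressive", "nat_t": True, "psk": "1234567890",
    "p1": "pre-g2-3des-sha", "p2": "pre-g2-3des-sha",
    "peer_id": "172.30.147.96", "local_id": "150.160.170.1",
    "local_net": "10.10.10.0/24", "remote_net": "192.168.10.0/24",
}

def parse_proposal(name):
    """Split a 'pre-g2-3des-sha' style name into (dh_group, cipher, hash)."""
    m = re.fullmatch(r"pre-(g\d+)-([a-z0-9]+)-([a-z0-9]+)", name)
    if not m:
        raise ValueError(f"unrecognised proposal name: {name!r}")
    return m.groups()

def compare(presto, ssg):
    """Return the settings on which the two ends disagree (empty = consistent)."""
    net = ipaddress.ip_network  # accepts /24 and /255.255.255.0 alike
    pairs = {
        "mode": (presto["mode"], ssg["mode"]),
        "nat_t": (presto["nat_t"], ssg["nat_t"]),
        "psk": (presto["psk"], ssg["psk"]),
        "p1": (tuple(presto["p1"]), parse_proposal(ssg["p1"])),
        "p2": (tuple(presto["p2"]), parse_proposal(ssg["p2"])),
        "peer_id": (presto["local_id"], ssg["peer_id"]),
        "gateway_id": (presto["peer_gw"], ssg["local_id"]),
        # Proxy IDs must mirror: one side's local subnet is the other's remote.
        "proxy_local": (net(presto["local_net"]), net(ssg["remote_net"])),
        "proxy_remote": (net(presto["remote_net"]), net(ssg["local_net"])),
    }
    return [name for name, (a, b) in pairs.items() if a != b]

if __name__ == "__main__":
    print(compare(PRESTO, SSG) or "both ends agree")
```

A non-empty result names the setting to re-check on the PRESTO IPSec page or in the SSG AutoKey gateway and IKE screens before starting the tunnel.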