09-16-2010 10:12 AM
Tomorrow I intend to try and get a Juniper SSG talking to our PAN so I can have a VPN tunnel between two sites.
The PAN is already configured using the defaults in the example PDFs on the knowledge base.
Does anyone know if there are any specifics that need to be configured on the SSG?
There are a few examples in the ScreenOS manual and I'm hoping it's a case of follow and adapt, but I'm not that knowledgeable about IPSEC VPNs and all the IKE1 and IKE2 fundamentals so if there are any tips and tricks I'd be grateful.
Thanks.
09-16-2010 10:25 AM
Make sure you have the following on the SSG
1) To match the defaults on PAN OS, make sure that you use security level of standad for both Phase1 ( ike) and Phase 2( IPSec) for the propo sals on the SSG.S.
2) Use route based VPN on the ScreenOS
09-16-2010 10:31 AM
Brilliant thank you.
I found a scenario in Chapter 4 of the ScreenOS guide that looks more or less identical to what I want to do (obviously they have ScreenOS on both sides) so hopefully I can follow that and just change the IP's.
Route based was what I assumed I wanted as in this case we want to simply fire anything for 0.0.0.0 from in the site behind the ScreenOS over the VPN tunnel.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
