A few years back I tried to connect a Cisco IOS router to a Netscreen, and that didn't work out.
Now, since a few days ago, I know how I should do it. I found the weblog of someone else who got it working. What you need to do is shown below.
Cisco IOS Router.
crypto logging session
!
! Phase 1 (IKE) policy
crypto isakmp policy 15
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key < Enter shared Key > address < destination add >
!
! Phase 2: the transform set is named aes-sha but uses AES with HMAC-MD5,
! the same combination as the Netscreen p2-proposal below
crypto ipsec transform-set aes-sha esp-aes esp-md5-hmac
!
crypto map < map name > 11 ipsec-isakmp
 set peer < destination add >
 set transform-set aes-sha
 set pfs group2
 match address << ACL Name >>
!
interface Dialer 10
 crypto map < map name >
!
ip access-list extended << ACL Name >>
 permit ip < source add LAN > < destination add LAN >
Netscreen Configuration
set interface "untrust" zone "V1-Untrust"
set address "V1-Trust" "<LAN Local Name>" < source ip range / subnet >
set address "V1-Untrust" "<LAN Remote Name>" < destination ip range / subnet >
set ike p2-proposal "cisco" group2 esp aes128 md5 second 3600
set ike gateway "< GW Name >" address < destination outside add > Main outgoing-zone "V1-Untrust" preshare "< preshared key >" proposal "pre-g2-3des-sha"
set vpn "< Local VPN Name >" proxy-id local-ip < local ip range/24 > remote-ip < remote ip range/24 > "ANY"
set vpn "< Local VPN Name >" gateway "< GW Name >" replay tunnel idletime 0 proposal "cisco"
Use the browser interface to move the policies to the first line of the policy list.
set policy id 26 from "V1-Trust" to "V1-Untrust" "<LAN Local Name>" "<LAN Remote Name>" "ANY" tunnel vpn "< Local VPN Name >" id 3 pair-policy 25
set policy id 25 from "V1-Untrust" to "V1-Trust" "<LAN Remote Name>" "<LAN Local Name>" "ANY" tunnel vpn "< Local VPN Name >" id 3 pair-policy 26
Set the workstation MTU size to 1300.
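The tunnel only comes up when both sides propose the same phase 1 and phase 2 parameters. As an added example (not from the original post), this Python script extracts those parameters from both configurations and reports any that differ. The sample configs are constructed from the values above with placeholder names, key and address (VPNMAP, GW, KEY, 192.0.2.1); it assumes IOS defaults the IKE hash to SHA-1 when no hash line is present and that ScreenOS predefined proposal names follow pre-g<group>-<enc>-<hash>.

```python
import re

# Constructed sample configs using the values from this page (placeholders filled in).
IOS = """\
crypto isakmp policy 15
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto ipsec transform-set aes-sha esp-aes esp-md5-hmac
crypto map VPNMAP 11 ipsec-isakmp
 set transform-set aes-sha
 set pfs group2
"""
SCREENOS = """\
set ike p2-proposal "cisco" group2 esp aes128 md5 second 3600
set ike gateway "GW" address 192.0.2.1 Main outgoing-zone "V1-Untrust" preshare "KEY" proposal "pre-g2-3des-sha"
"""

def ios_params(cfg):
    """Extract IKE (phase 1) and IPsec (phase 2) parameters from IOS config text."""
    def find(pattern, default=None):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else default
    ts = re.search(r"^crypto ipsec transform-set \S+ esp-(\S+)(?: (\d+))? esp-(\S+)-hmac", cfg, re.M)
    # esp-aes without a key size means a 128-bit key
    enc = ts.group(1) + (ts.group(2) or "128") if ts.group(1) == "aes" else ts.group(1)
    return {
        "p1_enc": find(r"^\s*encr(?:yption)? (\S+)"),
        "p1_hash": find(r"^\s*hash (\S+)", "sha"),  # assumption: IOS default hash is SHA-1
        "p1_group": find(r"^\s*group (\d+)"),
        "p2_enc": enc,
        "p2_auth": ts.group(3),
        "p2_pfs": find(r"^\s*set pfs group(\d+)"),  # None when PFS is not configured
    }

def screenos_params(cfg):
    """Extract the same parameters from ScreenOS 'set ike' lines."""
    p2 = re.search(r'^set ike p2-proposal "[^"]+" (?:group(\d+)|no-pfs) esp (\S+) (\S+)', cfg, re.M)
    # assumption: predefined phase 1 names decode as pre-g<group>-<enc>-<hash>
    p1 = re.search(r'proposal "pre-g(\d+)-([^-"]+)-([^-"]+)"', cfg)
    return {
        "p1_enc": p1.group(2), "p1_hash": p1.group(3), "p1_group": p1.group(1),
        "p2_enc": p2.group(2), "p2_auth": p2.group(3), "p2_pfs": p2.group(1),
    }

def mismatches(ios_cfg, screenos_cfg):
    """Return {parameter: (ios_value, screenos_value)} for every parameter that differs."""
    a, b = ios_params(ios_cfg), screenos_params(screenos_cfg)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}
```

An empty result from `mismatches(IOS, SCREENOS)` means the proposals line up; any entry names the parameter to correct on one side.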
See the original link.
Source: http://blog.mozilla.com/mrz/2007/07/16/ipsec-vpn-between-cisco-ios-netscreen-solved/