Cisco IOS Router vpn tunnel to Netscreen 5GT

A few years back I tried to configure a VPN tunnel between a Cisco IOS router and a Netscreen, and it did not work out.
A few days ago I finally learned how to do it: I found the weblog of someone else who got it working. What you need to do is shown below.

Cisco IOS Router Configuration

! Phase 1 (ISAKMP): 3DES, pre-shared key, DH group 2, 8-hour lifetime.
! No "hash" line is given, so the IOS default SHA-1 applies; together this
! matches the Netscreen predefined phase-1 proposal "pre-g2-3des-sha".
crypto logging session
crypto isakmp policy 15
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key < Enter shared Key > address < destination add >
!
! Phase 2 (IPsec): AES-128 with MD5-HMAC and PFS group 2, matching the
! Netscreen p2-proposal "cisco" (group2 esp aes128 md5) defined below.
! The IOS default IPsec SA lifetime of 3600 s matches "second 3600".
crypto ipsec transform-set aes-sha esp-aes esp-md5-hmac
crypto map < map name > 11 ipsec-isakmp
 set peer < destination add >
 set transform-set aes-sha
 set pfs group2
 match address < ACL Name >
!
! Apply the crypto map to the outside (dialer) interface.
interface Dialer10
 crypto map < map name >
!
! Interesting traffic: LAN-to-LAN between the two private networks.
ip access-list extended < ACL Name >
 permit ip < source add LAN > < destination add LAN >

Netscreen Configuration

set interface "untrust" zone "V1-Untrust"

set address "V1-Trust" "<LAN Local Name>" < source ip range / subnet >
set address "V1-Untrust" "<LAN Remote Name>" < destination ip range / subnet >

set ike p2-proposal "cisco" group2 esp aes128 md5 second 3600

set ike gateway "< GW Name >" address < destination outside add > Main outgoing-zone "V1-Untrust" preshare "< preshared key >" proposal "pre-g2-3des-sha"

set vpn "< Local VPN Name >" proxy-id local-ip < local ip range/24 > remote-ip < remote ip range/24 > "ANY"

set vpn "< Local VPN Name >" gateway "< GW Name >" replay tunnel idletime 0 proposal "cisco"
Use the web interface to move these two policies to the top of the policy list:

set policy id 26 from "V1-Trust" to "V1-Untrust" "<LAN Local Name>" "<LAN Remote Name>" "ANY" tunnel vpn "< Local VPN Name >" id 3 pair-policy 25

set policy id 25 from "V1-Untrust" to "V1-Trust" "<LAN Remote Name>" "<LAN Local Name>" "ANY" tunnel vpn "< Local VPN Name >" id 3 pair-policy 26

Set the MTU size on the workstations to 1300, so that packets plus the IPsec overhead fit through the tunnel without fragmentation.
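Mismatched proposals are the usual reason a tunnel like this never comes up, so it pays to check both ends against each other before debugging on the boxes. The following checker is an added example (not from the original post, Cisco or Juniper): it parses the IOS crypto lines and the ScreenOS "set ike" / "set vpn" lines, fills in the IOS defaults for anything not set explicitly, and lists every phase 1 or phase 2 parameter the two sides disagree on. The sample configurations inside it are the post's templates with constructed placeholder values (RFC 5737 addresses, made-up names, a dummy pre-shared key); it handles only the single-keyword IOS transform names used above and the ScreenOS predefined phase-1 proposal naming scheme.

```python
import re

# Constructed sample configs: the post's templates with placeholder values
# filled in (RFC 5737 addresses, made-up names, a dummy pre-shared key).
CISCO_CFG = """\
crypto isakmp policy 15
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto ipsec transform-set aes-sha esp-aes esp-md5-hmac
crypto map VPNMAP 11 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set aes-sha
 set pfs group2
 match address VPN-ACL
"""

SCREENOS_CFG = """\
set ike p2-proposal "cisco" group2 esp aes128 md5 second 3600
set ike gateway "GW-Cisco" address 198.51.100.2 Main outgoing-zone "V1-Untrust" preshare "placeholder-psk" proposal "pre-g2-3des-sha"
set vpn "VPN-Cisco" gateway "GW-Cisco" replay tunnel idletime 0 proposal "cisco"
"""

# IOS keywords mapped onto the vocabulary ScreenOS uses in its proposals
# (only the single-keyword forms that appear in the post are covered).
ENC = {"des": "des", "3des": "3des", "aes": "aes128",
       "esp-des": "des", "esp-3des": "3des", "esp-aes": "aes128"}
HASH = {"md5": "md5", "sha": "sha", "esp-md5-hmac": "md5", "esp-sha-hmac": "sha"}
P1_KEYS = {"encr": ("enc", ENC.get), "hash": ("hash", HASH.get),
           "authentication": ("auth", str), "group": ("group", str),
           "lifetime": ("life", int)}


def parse_cisco(cfg):
    """Return (phase1, phase2) dicts from IOS crypto config; unset values take
    the IOS defaults (DES, SHA-1, rsa-sig, group 1, 86400 s; no PFS, 3600 s)."""
    p1 = {"enc": "des", "hash": "sha", "auth": "rsa-sig", "group": "1", "life": 86400}
    p2 = {"enc": None, "hash": None, "pfs": "no-pfs", "life": 3600}
    transform_sets, section = {}, None
    for raw in cfg.splitlines():
        words = raw.split()
        if not words:
            continue
        line = " ".join(words)
        if line.startswith("crypto isakmp policy"):
            section = "p1"
        elif line.startswith("crypto ipsec transform-set"):
            section = None
            transform_sets[words[3]] = (ENC[words[4]], HASH[words[5]])
        elif line.startswith("crypto ipsec security-association lifetime seconds"):
            p2["life"] = int(words[-1])
        elif line.startswith("crypto map"):
            section = "map"
        elif words[0] == "crypto":
            section = None
        elif section == "p1" and words[0] in P1_KEYS:
            key, convert = P1_KEYS[words[0]]
            p1[key] = convert(words[1])
        elif section == "map" and words[:2] == ["set", "transform-set"]:
            p2["enc"], p2["hash"] = transform_sets[words[2]]
        elif section == "map" and words[:2] == ["set", "pfs"]:
            p2["pfs"] = words[2]  # e.g. "group2", same spelling as ScreenOS
    return p1, p2


def parse_screenos(cfg):
    """Return (phase1, phase2) dicts from ScreenOS lines.  A predefined phase-1
    proposal name encodes auth-group-enc-hash and carries a 28800 s lifetime."""
    p1, p2, p2_by_name = {}, {}, {}
    for raw in cfg.splitlines():
        line = raw.strip()
        m = re.match(r'set ike p2-proposal "([^"]+)" (\S+) esp (\S+) (\S+) second (\d+)', line)
        if m:
            p2_by_name[m.group(1)] = {"enc": m.group(3), "hash": m.group(4),
                                      "pfs": m.group(2), "life": int(m.group(5))}
            continue
        m = re.match(r'set ike gateway ".*?" .*proposal "([^"]+)"', line)
        if m:
            auth, group, enc, hsh = m.group(1).split("-")
            p1 = {"enc": enc, "hash": hsh, "auth": "pre-share" if auth == "pre" else auth,
                  "group": group[1:], "life": 28800}
            continue
        m = re.match(r'set vpn ".*?" gateway .*proposal "([^"]+)"', line)
        if m:
            p2 = p2_by_name[m.group(1)]
    return p1, p2


def compare(cisco_cfg, screenos_cfg):
    """List every parameter the two ends disagree on; [] means they match."""
    c1, c2 = parse_cisco(cisco_cfg)
    n1, n2 = parse_screenos(screenos_cfg)
    problems = []
    for phase, c, n in (("phase 1", c1, n1), ("phase 2", c2, n2)):
        for key in sorted(set(c) | set(n)):
            if c.get(key) != n.get(key):
                problems.append(f"{phase} {key}: cisco={c.get(key)} netscreen={n.get(key)}")
    return problems
```

Calling compare(CISCO_CFG, SCREENOS_CFG) on the sample above returns an empty list; drop the "lifetime 28800" line from the Cisco side, or change the Netscreen p2-proposal hash to sha, and the checker names the exact parameter that would make the negotiation fail.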

See the original Link
