
Configuring a Policy-Based LAN-to-LAN VPN When Both Sides Have Static IPs Using Pre-shared Keys


Knowledge Base ID: KB4757
Version: 5.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: Firewall/IPSec_VPN, IPSec, ScreenOS
SYNOPSIS:
Policy-based VPN - Both Sides have Static IPs using Pre-shared Keys
SOLUTION:
Below are the settings and proposals that we will use to configure the VPN:

Juniper Firewall Site A

• Untrust IP of device: 1.1.1.1
• Trust Network: 192.168.1.0/24
• Phase 1 Proposal: pre-g2-des-sha
• Phase 2 Proposal: nopfs-esp-des-sha

Juniper Firewall Site B

• Untrust IP of device: 2.2.2.1
• Trust Network: 10.1.1.0/24
• Phase 1 Proposal: pre-g2-des-sha
• Phase 2 Proposal: nopfs-esp-des-sha

To configure a policy-based LAN-to-LAN VPN when both sides have static IPs using pre-shared keys, perform the following steps:

Configure a gateway for the local site. For more information on configuring a gateway for
the local site, go to Configuring an IPSec Security Gateway for the Local Site.

Configure a phase 2 proposal for the local site. For more information on configuring a phase
2 proposal for the local site, go to Configuring a Phase 2 Proposal for the Local Site.

Configure a policy for the local site. For more information on configuring a policy for the
local site, go to Configuring a Policy for the Local Site.

Configure a gateway for the remote site (opposite end of the tunnel from the local site). For
more information on configuring a gateway for the remote site, go to Configuring a Gateway for
the Remote Site.

Configure a phase 2 proposal for the remote site. For more information on configuring a
phase 2 proposal for the remote site, go to Configuring a Phase 2 Proposal for the Remote Site.

Configure a policy for the remote site. For more information on configuring a policy for the
remote site, go to Configuring a Policy for the Remote Site.
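
The six steps above only produce a working tunnel if each firewall's settings mirror the other's. The following pre-deployment check is an added example, not Juniper's code: the `Site` model and the function names are hypothetical, and the values are the ones listed on this page. It also reports which proposals use single DES, so that choice is visible when the settings are reviewed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Site:                 # hypothetical model of one firewall's VPN settings
    name: str
    untrust_ip: str         # this device's Untrust IP
    trust_net: str          # this device's Trust network
    peer_gateway: str       # remote address entered in the gateway config
    remote_net: str         # remote network named in the tunnel policy
    p1: str                 # Phase 1 proposal
    p2: str                 # Phase 2 proposal

def check_pair(a, b):
    """Return mismatches between the two ends; an empty list means they mirror."""
    problems = []
    for local, remote in ((a, b), (b, a)):
        if ipaddress.ip_address(local.peer_gateway) != ipaddress.ip_address(remote.untrust_ip):
            problems.append(f"{local.name}: peer gateway is not {remote.name}'s Untrust IP")
        if ipaddress.ip_network(local.remote_net) != ipaddress.ip_network(remote.trust_net):
            problems.append(f"{local.name}: policy remote network is not {remote.name}'s Trust network")
    if a.p1 != b.p1:
        problems.append("Phase 1 proposals differ")
    if a.p2 != b.p2:
        problems.append("Phase 2 proposals differ")
    if ipaddress.ip_network(a.trust_net).overlaps(ipaddress.ip_network(b.trust_net)):
        problems.append("Trust networks overlap")
    return problems

def weak_proposals(site):
    """Proposal names whose cipher token is single DES (56-bit key)."""
    return [p for p in (site.p1, site.p2) if "des" in p.split("-")]

# Values from the settings listed on this page
SITE_A = Site("Site A", "1.1.1.1", "192.168.1.0/24", "2.2.2.1", "10.1.1.0/24",
              "pre-g2-des-sha", "nopfs-esp-des-sha")
SITE_B = Site("Site B", "2.2.2.1", "10.1.1.0/24", "1.1.1.1", "192.168.1.0/24",
              "pre-g2-des-sha", "nopfs-esp-des-sha")

if __name__ == "__main__":
    for line in check_pair(SITE_A, SITE_B) or ["both ends mirror each other"]:
        print(line)
    for site in (SITE_A, SITE_B):
        print(site.name, "single-DES proposals:", weak_proposals(site))
```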