
Netscreen 10 box and VPN client


lbirch (IS-IT--Management, GB), Oct 28, 2003
We currently have a Netscreen 10 box and want to use Netscreen Remote Client 8.0 as a VPN client between the two systems.

The OS on the 10 box is 2.6.0r4.1; I know it's old. I have looked at the manuals for both systems and even followed the scenario in the NSR manual for pre-shared key setup. No matter what I try, I just cannot connect the client to the box using VPN.

Does someone know of a step by step guide I could use or any advice on how to set this up, if you can at all?

Many thanks for any help.
For a Netscreen 10, on the Netscreen:
1) Create a user (dialup) and give this user an IKE ID (I would use a mail address; it doesn't need to be a real one).
2) Set up phase 1, aggressive mode, pre-g2-3des-md5. I cannot remember the ins and outs of this code, but if NAT-T is available, check mark it and select UDP and 5 seconds.
Also don't forget the user and pre-shared key.
3) Configure the P2 proposals; remember to select the correct P1 proposals when doing this.
4) Create the policy from untrust to trust.
Remember 2 things here:
1. Always put the source as dialup VPN and the destination as the internal subnet (preferably the internal IP and subnet of the Netscreen).
2. Always place the policy at the top.

If your client refuses to connect (little yellow key), then do the following:
Check in the NS-Remote log viewer that the data is being encrypted.
Check on the Netscreen that UDP port 500 traffic is arriving.

You could do a debug ike basic from the command line.
Remember to undebug all when done to switch the debugging back off again, and get db stream to view the output.
What you are looking for in this stream is a fail, or P1 or P2 completed.

If this is the case, then you have a VPN running.
Get SA will show you the active tunnels with SPI life.
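As an added illustration (not part of the original thread, and not a Netscreen tool): a small Python script that scans a captured debug stream for the P1/P2 completion and failure lines the reply says to look for, and maps what it finds to the first check to make. The log wording is constructed for the example; real ScreenOS 2.6 output differs, so the patterns are an assumption to be adjusted.

```python
import re

# Constructed sample of a "debug ike basic" stream as read back with "get db stream".
# The wording is an assumption; real ScreenOS 2.6 output differs, so adjust EVENTS.
SAMPLE_STREAM = """\
ike<203.0.113.7> recv UDP 500 packet, aggressive mode, ike-id user@example.com
ike<203.0.113.7> phase 1: proposal pre-g2-3des-md5 accepted
ike<203.0.113.7> phase 1: completed, SA lifetime 28800
ike<203.0.113.7> phase 2: proxy-id mismatch, expected 192.168.1.0/24 got 10.0.0.0/8
ike<203.0.113.7> phase 2: failed
"""
# Events in the order a healthy negotiation emits them.
EVENTS = [
    ("udp500",      re.compile(r"recv UDP 500")),
    ("p1_complete", re.compile(r"phase 1: completed")),
    ("p1_fail",     re.compile(r"phase 1: .*(fail|mismatch|reject)")),
    ("p2_complete", re.compile(r"phase 2: completed")),
    ("p2_fail",     re.compile(r"phase 2: .*(fail|mismatch|reject)")),
]

# First check to make for each verdict, following the checklist in the reply above.
ADVICE = {
    "no_udp500": "No UDP 500 seen: check the path to the Netscreen (NAT or filter in front of it).",
    "p1_fail": "Phase 1 failed: compare the P1 proposal, pre-shared key and IKE ID on both ends.",
    "p2_fail": "Phase 2 failed: compare the P2 proposals and the policy source/destination.",
    "incomplete": "Traffic seen but no completion line: capture a longer stream.",
    "ok": "Phase 1 and 2 completed: get sa should now list the active tunnel.",
}

def scan_stream(stream):
    # Collect, per event, the lines that triggered it.
    found = {name: [] for name, _ in EVENTS}
    for line in stream.splitlines():
        for name, pat in EVENTS:
            if pat.search(line):
                found[name].append(line.strip())
    return found

def diagnose(stream):
    # Map the observed events to the first thing that went wrong.
    f = scan_stream(stream)
    if not f["udp500"]:
        return "no_udp500"
    if f["p1_fail"] and not f["p1_complete"]:
        return "p1_fail"
    if f["p1_complete"] and f["p2_fail"] and not f["p2_complete"]:
        return "p2_fail"
    if f["p1_complete"] and f["p2_complete"]:
        return "ok"
    return "incomplete"
```

Run diagnose() on the saved stream and look up ADVICE[verdict]; for the constructed sample the verdict is "p2_fail", pointing at the P2 proposals and policy.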
