Author Topic: netscreen -> netscreen site to site vpn setup 101  (Read 7040 times)


« on: September 18, 2008, 09:16:47 am »
I am just lost, it's been a while, but we have moved our subnets, broken our one network and all VPNs are down, so right now it's a policy based on IP to allow.  So I need to resetup our VPNs and I am just done, I read through this faq

with no luck.  I have the luxury of being able to play during work as I am working from home and have a netscreen ns5gt home.  Also an ns5gt at the office and a netscreen ssg-350 at our co-lo.  All I want is my vpn back  :(   ok, now to business.

The 1st time I used the wizard, that was a while ago, but it worked.  We subnetted our 350 so now I have 2 internal subnets so I have a;
0/0 - trust - subnet1
0/1 - trust - subnet2
0/2 - untrust

I would guess I needed 2 VPNs from home there, 1 for each subnet, which is just fine, tried the above (some things are diff due to the OS version I guess).  So I guess, 1st should I use the wizard to create the route based VPN?  If so the questions are short and I thought easy.
1. Local -> Remote  ( I say Trust -> Untrust)
2. Tunnel.  I say Make a new, bind to (I say Trust)
3. Lan to Lan
4. Local Static to Static
5. Remote GW (I am 99% I put the untrust IP of the other juniper interface)
6. security: standard + create key
7. Addresses - I just leave any/any
8. Service - again, any and policy for both directions
9. I enable logging
10. Schedule none
11. Done

Same on the other side, but nothing.  So 1st, do you guys recommend the wizard, if so does the above look correct, if not anything I should / shouldn't do.   I will report back with anything suggested and/or asked for.