Help: HowTo create VPN from native Windows XP to NetScreen



  • Hello,

    I am trying to set up a VPN from native Windows XP clients to a NetScreen ScreenOS 5 device. :? But so far I have not succeeded in doing so. Any help is highly appreciated. 😉

    What I have done so far is: 😐

    1. On the NetScreen device:

    • Created a user for L2TP
    • Created a new IP pool
    • Set up L2TP settings to use IP pool and DNS settings
    • Created L2TP tunnel with peer IP 0.0.0.0 (for dynamic client IP)
    • Created policy to allow VPN dialup users to tunnel over the L2TP tunnel

    2. On Windows XP

    • Created a new connection with optional encryption (PAP and CHAP)

    The problem is that I always get a rejected IKE packet because an initial Phase 1 packet arrived from an unrecognized peer gateway.

    What am I missing? :?

    Thanks & Regards,
    Tom



  • Oldo,

    @oldo:

    You’ll need client certificates to make it work. It’s well documented if you search http://kb.juniper.net

    I have searched through the KB but most documentation is about Win2K and an older ScreenOS version. Can you point me to some documentation for WinXP and ScreenOS 5.x?

    BTW, I am using Microsoft CA and created the certificates. They are also listed as valid when I look them up via the MMC (Certificate snap-in). However, is there a possibility to check that the NetScreen firewall actually accepts the certificate or monitor the connection to see if it is actually using the certificate during connection?

    Thanks a lot.



  • You’ll need client certificates to make it work. It’s well documented if you search http://kb.juniper.net


 
