How to configure Juniper/Netscreen Policy Based Site to Site VPN

This is a simple guide on how to create a policy based Site to Site VPN or other security administrator prefer to use LAN to LAN VPN setup.

I used these steps for many years, and it still work with new devices.

Create Network Group e.g. 192.168.10/24
Create VPN Gateway, preferably to use Auto-IKE setup to minimize error.
Create Site to Site Policy, make sure to place the policy in the beginning.
Testing, ping internal network both sites.

To simplify the process, I named the first Office SiteA and the remote Office SiteB with the following network.

SiteA Network Information:
Untrust IP Assigned Gateway: 1.1.1.1
Trust Network: 192.168.10/24
VPN using Auto-Key with pre-shared KING.NET (example)

SiteB Network Information:
Untrust IP Assigned Gateway: 2.2.2.2

Trust Network: 192.168.20/24

VPN using Auto-Key with pre-shared KING.NET (example)

The procedure is based on Juniper Netscreen SSG 350 Firmware Version 6.2.x but this will be the same to configure your SSG 104, SSG 5 and other Firewall/VPN devices.

For Site A:

Login to your firewall management console.

Step1. Create your trust and untrust network.
Click Policy, Policy Element, Addresses, and List
In List, click New to add your Trust Network e.g. 192.168.10/24 name it as SiteA_Network and UnTrust Network e.g. 192.168.20/24 name it as SiteB_Network
Step 2. Create your VPN Gateway
Click VPN, AutoKey IKE
In AutoKey IKE, click New
Create the VPN Name e.g. VPN_SiteA_SiteB
The Static IP Address, 2.2.2.2 this is the public IP assigned by your Internet Service Provider
Select the VPN level for Phase1 and Phase2. The other network MUST use the same Phase1 and Phase2.
Click VPN monitor
Enter the pre-shared key e.g. KING.NET as example
Click OK.
Step 3. This is where you add the VPN policies.
Click Policy, Policies
Select from Trust to Untrust Zone, and click New
Source Address: Select SiteA_Network
Destination Address: Select SiteB_Network
Service: Any
Action: Tunnel
Tunnel: VPN_SiteA_SiteB
Check Modify matching bidirectional VPN policy
Position at Top: Enabled
Click OK
Step 4. Testing your policy. After adding the policy to another network, you should see each other network.
From SiteA Network, using a workstation ping 192.168.20.xxx, where xxx is any IP address in SiteB_Network.
From SiteB_Network, ping 192.168.20.xxx in SiteA_Network
End of SiteA_Network configuration.

The SiteA_Network configuration is completed, now repeat the procedure for the SiteB_Network.

If you need assistance, please don't hesitate to let me know. You may post your questions here. If you need detailed information, please visit Juniper website or use the following references:

Alternative Social Networks

If you are planning to create your social network e.g. similar to Facebook. Here's a short list of alternative software's: Open Source and Free http://buddypress.org/ - Wordpress (Open Source and Free) http://elgg.org/ - (Open Source and Free) Commercial Social Networks software http://www.socialengine.com/ ($299 Stand Alone, $29/mo Cloud) http://www.jomsocial.com/ (run with Joomla, need to know CMS) http://www.boonex.com/ (very expensive, $399 for Standard) http://www.anahitapolis.com/ http://www.oxwall.org/ http://sharetronix.com/ http://www.moosocial.com/ http://www.jcow.net/ http://phpdolphin.com http://www.grou.ps (from free to Commercial, I left my networks and they are selling it http://www.phpfox.com/ (I used this before, it's hard to maintain. I moved to NING but left too after it was sold to another company) http://www.ning.com (I don't recommend using this service, it's hard to export your data when it's time to move) S

Whaddya know more?

Learning Vulnerability Scanning by KING.NET

Learning Vulnerability Scanning is fun and easy. So I hope you enjoy reading this short how to guide on how to use vulnerability scanning to secure your servers and networks. NMAP is the swiss tool that you need to learn if you're serious in Cyber Security profession. The NMAP tool can be use with NSE scripting (Nmap Scripting Engine) to automate your tasks. For example using NSE Script using a single vulnerability (cold fusion) to scan our test lab machine. root@kali:~# nmap -v -p 80 --script http-vuln-cve2010-2861 10.11.1.220 Starting Nmap 6.47 ( http://nmap.org ) at 2016-07-22 17:34 EDT NSE: Loaded 1 scripts for scanning. NSE: Script Pre-scanning. Initiating ARP Ping Scan at 17:34 Scanning 10.11.1.220 [1 port] Completed ARP Ping Scan at 17:34, 0.04s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 17:34 Completed Parallel DNS resolution of 1 host. at 17:35, 13.01s elapsed Initiating SYN Stealth Scan at 17:35 Scanning 10.11.1.220 [1 port] Comp

Whaddya know more?

Micah 3:4

Then shall they cry to the Lord, and he will not hear them: and he will hide his face from them at that time, as they have behaved wickedly in their devices. Micah 3:4 from Douay-Rheims Bible. https://Acknowledgement.com

Whaddya know more?

Whaddya.com

Search This Blog