VPN setup - is there a standard way to do this?

Posted by Mike on April 4, 2005, 10:26 pm


First...I'm not a full blown network engineer...just kind of inherited
a network and am being looked to for supporting it. Small 25 person
office, have a netscreen firewall/vpn and a W2k domain. I'm being
asked to get the VPN working on the Netscreen (for remote users
working from home). Going into the config, I'm blown away by the
number of different ways to set the VPN up. IKE, XAuth, AU, L2TP,
Des, Triple Des, Hash Algorithms, Pre-Shared keys..etc...it's a little
overwhelming. Is there some kind of standard people use? Any good
website suggestions? Do I stick with the Netscreen-Remote clients or
set up the Microsoft 2000/XP PPTP/L2TP client? Any help would be
greatly appreciated.


Posted by MF on April 5, 2005, 10:02 am


https://www.juniper.net/customers/support/
This is Netscreen's support page. There are several articles including screen
shots about setting up the VPN on the Netscreen firewall. I used L2TP and
it works great. The only thing to remember though is on the client machines
you'll have to set up the following:
The following registry entry is required on the client machines before they
could connect via L2TP:

To add the ProhibitIpSec registry value to your Windows 2000-based computer,
use Registry Editor (Regedt32.exe) to locate the following key in the
registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters

Add the following registry value to this key:

Value Name: ProhibitIpSec
Data Type: REG_DWORD
Value: 1

Note that you must restart your Windows 2000-based computer for the changes
to take effect.



I thought it was fairly straightforward on setting it up. You set up an
L2TP pool (under Objects on the firewall), configure the default settings,
configure the tunnel (both under VPN L2TP on the firewall), create your
users (under objects) and of course allow VPN in your Policies.

Again there's a bunch of articles with screen shots of how to do this, just
go to the above link and search the knowledge base. My info above is a
basic overview though.

Hope this helps and good luck.



> First...I'm not a full blown network engineer...just kind of inherited
> a network and am being looked to for supporting it. Small 25 person
> office, have a netscreen firewall/vpn and a W2k domain. I'm being
> asked to get the VPN working on the Netscreen (for remote users
> working from home). Going into the config, I'm blown away by the
> number of different ways to set the VPN up. IKE, XAuth, AU, L2TP,
> Des, Triple Des, Hash Algorithms, Pre-Shared keys..etc...it's a little
> overwhelming. Is there some kind of standard people use? Any good
> website suggestions? Do I stick with the Netscreen-Remote clients or
> set up the Microsoft 2000/XP PPTP/L2TP client? Any help would be
> greatly appreciated.
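
An added example, not part of MF's post or of Juniper's documentation: a PowerShell audit of the ProhibitIpSec value described above. Setting it to 1 stops Windows from creating its automatic IPsec policy for L2TP connections, so IPsec protection of the tunnel then depends on a policy configured separately. The function name, the output fields, and the use of PowerShell with WinRM remoting for remote names are assumptions of this example.

```powershell
# Added example: report the ProhibitIpSec setting on one or more VPN clients.
# Get-ProhibitIpSecState and its output fields are names made up for this example.
function Get-ProhibitIpSecState {
    param(
        # Remote names require PowerShell remoting (WinRM) on the target.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Reads the value from the key named in the post; returns $null if absent.
    $check = {
        $key  = 'HKLM:\System\CurrentControlSet\Services\Rasman\Parameters'
        $item = Get-ItemProperty -Path $key -Name 'ProhibitIpSec' -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null }
        [int]$item.ProhibitIpSec
    }

    foreach ($name in $ComputerName) {
        $value = $null
        try {
            if ($name -eq $env:COMPUTERNAME) {
                $value = & $check
            } else {
                $value = Invoke-Command -ComputerName $name -ScriptBlock $check -ErrorAction Stop
            }

            if ($null -eq $value -or $value -eq 0) {
                $finding = 'Default: Windows creates its automatic IPsec policy for L2TP'
            } elseif ($value -eq 1) {
                $finding = 'Automatic L2TP/IPsec policy disabled; confirm a separately configured IPsec policy protects L2TP'
            } else {
                $finding = 'Unexpected value; review manually'
            }
        } catch {
            $finding = "Could not query: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            Computer      = $name
            ProhibitIpSec = if ($null -eq $value) { '(not set)' } else { $value }
            Finding       = $finding
        }
    }
}

# Audit the local machine; pass -ComputerName to cover other clients.
Get-ProhibitIpSecState | Format-List
```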




Posted by Mike on April 5, 2005, 3:47 pm




Thanks for the reply...I did manage to set up IKE VPN connections
using the Netscreen-Remote client. What I don't understand...is
basically how to log someone in over the VPN connection directly to
the network. In other words, while testing this IKE connection, I
noticed that every mapped drive, opening Outlook...etc requires the
user to enter a username/password. Also, there's no way to change
your password when it expires (at least I don't see a way)...so I'm
guessing I need a way to log into the domain when first connecting.
Is this what L2TP does?


>https://www.juniper.net/customers/support/
>This is Netscreen's support page. There's several articles including screen
>shots about setting up the VPN on the Netscreen firewall. I used L2TP and
>it works great. The only thing to remember though is on the client machines
>you'll have to set up the following:
>The following registry entry is required on the client machines before they
>could connect via L2TP:
>



Posted by MF on April 5, 2005, 1:58 pm


Well with the L2TP, the way it is set up is basically to establish the
connection, you log on using the Netscreen's user name and password (this
was set up under Objects -> Users on the Netscreen). Again this just
creates the tunnel between pt A and B. After it is connected, your computer
is now a computer on that network.
After that if you want to say Remote into a server or computer on that side,
you'd launch Remote Desktop to that private ip and then use your domain user
name and password to get in (of course this is also provided you have access
under that user name and password on the domain). Same for mapping drives,
you need to use a user name and password from that domain that you just
vpn'd into.
This is actually a nice feature because even if someone was able to make a
VPN connection and you didn't want them, they'd still need to be a user in
your domain to get to any of the machines on the domain.
I would have thought that the IKE VPN was set up similarly. Again the
knowledge base articles are an excellent source for finding info too, but I
hope this at least helps or pts you in the correct direction.


>
>
> Thanks for the reply...I did manage to set up IKE VPN connections
> using the Netscreen-Remote client. What I don't understand...is
> basically how to log someone in over the VPN connection directly to
> the network. In other words, while testing this IKE connection, I
> noticed that every mapped drive, opening Outlook...etc requires the
> user to enter a username/password. Also, there's no way to change
> your password when it expires (at least I don't see a way)...so I'm
> guessing I need a way to log into the domain when first connecting.
> Is this what L2TP does?
>
>
> >https://www.juniper.net/customers/support/
> >This is Netscreen's support page. There's several articles including screen
> >shots about setting up the VPN on the Netscreen firewall. I used L2TP and
> >it works great. The only thing to remember though is on the client machines
> >you'll have to set up the following:
> >The following registry entry is required on the client machines before they
> >could connect via L2TP:
> >
>




Posted by on April 11, 2005, 6:19 pm


Anyone have any follow-up to this? I'm basically concerned about
changing domain passwords when they expire. I'm using a NetScreen 25
with IKE/XAuth/IAS. It seems that if the domain password has expired
the user is locked out of everything until they manually hit
Ctrl+Alt+Delete to change their password and log back in again. This
could be really confusing.
Mike wrote:
wrote:
> Thanks for the reply...I did manage to set up IKE VPN connections
> using the Netscreen-Remote client. What I don't understand...is
> basically how to log someone in over the VPN connection directly to
> the network. In other words, while testing this IKE connection, I
> noticed that every mapped drive, opening Outlook...etc requires the
> user to enter a username/password. Also, there's no way to change
> your password when it expires (at least I don't see a way)...so I'm
> guessing I need a way to log into the domain when first connecting.
> Is this what L2TP does?
>
>
> >https://www.juniper.net/customers/support/
> >This is Netscreen's support page. There's several articles including screen
> >shots about setting up the VPN on the Netscreen firewall. I used L2TP and
> >it works great. The only thing to remember though is on the client machines
> >you'll have to set up the following:
> >The following registry entry is required on the client machines before they
> >could connect via L2TP:
> >


