Here are parts of my m0n0wall and Netscreen config files.

m0n0

<ipsec>
  <tunnel>
    <interface>wan</interface>
    <local-subnet>
      <network>lan</network>
    </local-subnet>
    <remote-subnet>10.5.0.1/24</remote-subnet>
    <remote-gateway>xxx.xxx.xxx.xxx</remote-gateway>
    <p1>
      <mode>main</mode>
      <myident>
        <myaddress/>
      </myident>
      <encryption-algorithm>3des</encryption-algorithm>
      <hash-algorithm>sha1</hash-algorithm>
      <dhgroup>2</dhgroup>
      <lifetime/>
      <pre-shared-key>XXXXXXX</pre-shared-key>
    </p1>
    <p2>
      <protocol>esp</protocol>
      <encryption-algorithm-option>3des</encryption-algorithm-option>
      <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
      <pfsgroup>2</pfsgroup>
      <lifetime/>
    </p2>
    <descr>Houston Tunnel</descr>
  </tunnel>
</ipsec>

Netscreen

set address "Trust" "Houston Internal" 10.5.0.0 255.255.255.0
set address "Untrust" "Hess Home" 10.100.1.1 255.255.255.0
set ike gateway "Hess-Gate" address gotdns.com Main outgoing-interface "ethernet3" preshare "xxxxxx" proposal "pre-g2-3des-sha"
set vpn "Hess-auto" id 16 gateway "Hess-Gate" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set policy id 21 name "Hess-VPN" from "Trust" to "Untrust" "Houston Internal" "Hess Home" "ANY" Tunnel vpn "Hess-auto" id 17 pair-policy 20 log
set policy id 20 name "Hess-VPN" from "Untrust" to "Trust" "Hess Home" "Houston Internal" "ANY" Tunnel vpn "Hess-auto" id 17 pair-policy 21 log

If you need more than this let me know.

Have had my VPN up since about version pb25 at least.

Robert Hess

-----Original Message-----
From: Joe Lagreca [mailto:lagreca at gmail dot com]
Sent: Friday, September 17, 2004 6:51 PM
To: Stingree
Cc: Monowall List
Subject: Re: [m0n0wall] m0n0wall to Netscreen IPSEC VPN?

Could you please elaborate on "Main thing I ran into was the Key group is 2."? I don't quite understand.

I am going to try and set up a test VPN connection between my m0n0wall and a Netscreen, but was wondering if you or anyone else out there has any documentation on how it is done?

Thanks.

Joe

On Fri, 17 Sep 2004 18:22:25 -0500, Stingree <rhess2 at houston dot rr dot com> wrote:
> Yes I have. My M0n0wall 1.1 talking to a Netscreen 25.
>
> Main thing I ran into was the Key group is 2.
>
> --Robert Hess--
>
> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: Friday, September 17, 2004 2:06 PM
> To: Joe Lagreca
> Cc: Monowall List
> Subject: Re: [m0n0wall] m0n0wall to Netscreen IPSEC VPN?
>
> On Fri, 17 Sep 2004 11:37:10 -0700, Joe Lagreca <lagreca at gmail dot com>
> wrote:
> > Has anyone attempted or succeeded in creating an IPSEC (or other)
> > VPN between their m0n0wall and a Netscreen?
> >
> > I have a client that is currently using Netscreen, but if it can be
> > done, I would like to start integrating m0n0wall into their
> > networks. Thanks!
> >
>
> I've never integrated specifically with Netscreen, but any standard
> IPsec device will work with m0n0wall. I have a Cisco PIX and a
> SonicWall talking with m0n0wall in production environments. Just make
> sure you get all the settings correct on both sides.
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
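
Added example, not part of the original thread and not m0n0wall or ScreenOS code: a small check that the phase 1 and phase 2 parameters in the m0n0wall tunnel agree with what the two Netscreen proposal names encode, which is where the "key group is 2" problem in the thread would show up. The proposal-name layout is assumed from the two names in the message, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: phase 1/2 settings of the tunnel posted in the message above.
M0N0_TUNNEL = """<tunnel>
  <p1><mode>main</mode><encryption-algorithm>3des</encryption-algorithm>
    <hash-algorithm>sha1</hash-algorithm><dhgroup>2</dhgroup></p1>
  <p2><protocol>esp</protocol>
    <encryption-algorithm-option>3des</encryption-algorithm-option>
    <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
    <pfsgroup>2</pfsgroup></p2>
</tunnel>"""

def m0n0_params(xml_text):
    """Map (phase, field) -> value for a m0n0wall <tunnel> element."""
    t = ET.fromstring(xml_text)
    get = lambda path: (t.findtext(path) or "").strip().lower()
    return {
        ("p1", "group"): get("p1/dhgroup"),
        ("p1", "enc"): get("p1/encryption-algorithm"),
        ("p1", "hash"): get("p1/hash-algorithm"),
        # Assumption: an empty or absent pfsgroup means PFS is off ("0").
        ("p2", "group"): get("p2/pfsgroup") or "0",
        ("p2", "enc"): get("p2/encryption-algorithm-option"),
        ("p2", "hash"): get("p2/hash-algorithm-option").replace("hmac_", ""),
    }

def netscreen_params(p1_name, p2_name):
    """Decode proposal names shaped like the two in the message. Assumed
    layout (pre-g<N>-<enc>-<hash>, g<N>|nopfs-esp-<enc>-<hash>), not a ScreenOS parser."""
    m1 = re.fullmatch(r"pre-g(\d+)-(\w+)-(\w+)", p1_name)
    m2 = re.fullmatch(r"(?:g(\d+)|nopfs)-esp-(\w+)-(\w+)", p2_name)
    if not (m1 and m2):
        raise ValueError("unrecognised proposal name")
    norm = lambda h: "sha1" if h == "sha" else h  # Netscreen "sha" == m0n0wall "sha1"
    return {
        ("p1", "group"): m1[1], ("p1", "enc"): m1[2], ("p1", "hash"): norm(m1[3]),
        ("p2", "group"): m2[1] or "0", ("p2", "enc"): m2[2], ("p2", "hash"): norm(m2[3]),
    }

def mismatches(a, b):
    """Every negotiated parameter on which the two peers disagree."""
    return sorted((k, a[k], b[k]) for k in a if a[k] != b[k])

if __name__ == "__main__":
    ns = netscreen_params("pre-g2-3des-sha", "g2-esp-3des-sha")
    for (phase, field), mine, theirs in mismatches(m0n0_params(M0N0_TUNNEL), ns):
        print(f"{phase} {field}: m0n0wall={mine} netscreen={theirs}")
```

With the values from the message it prints nothing, because both sides agree; lifetimes are left empty in the posted config and are not compared.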