Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  How to setup IPsec ESP in SSG 320M

    This message was posted by a user wishing to remain anonymous
    Posted 05-25-2023 10:10

    Hi forum,

    It seems this forum is the closest one regarding questions for the older SSG 320M series. If not, please point me in the right direction, thanks.

    On a closed network connecting two LANs, we have an older SSG 320M on our side. On LAN1 a node needs to connect to another node on LAN2 using IPsec VPN. So the task is to configure the firewall to allow IPsec traffic between these two nodes. In ScreenOS I can find IKE services but not ESP. Can anyone guide me to set up ESP in ScreenOS, maybe as a custom service?

    Thanks



  • 2.  RE: How to setup IPsec ESP in SSG 320M

    Posted 05-27-2023 13:39

    On the SSG series in ScreenOS, VPN is configured in two steps representing the phase one and phase two IPsec connections.

    These can be either a standard policy-based VPN, as done on most firewalls. The KB option list for these is here.

    https://supportportal.juniper.net/s/article/ScreenOS-Juniper-firewall-LAN-to-LAN-policy-based-VPN-articles?language=en_US

    Or they can use a route-based VPN with a tunnel interface and routing protocol choosing which subnets are sent into the VPN. These options are listed here.

    https://supportportal.juniper.net/s/article/ScreenOS-Juniper-ScreenOS-Firewall-LAN-to-LAN-Route-Based-VPN-articles?language=en_US



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------