please please your help, VPN site to site between ASA and Netscreen

Discussion in 'Cisco' started by ozoubi, Sep 23, 2010.

  1. ozoubi

    Dear Juniper experts,

    Please, I need your help; it's urgent for me. We have a managed services center and we connect to our customers' networks through site-to-site VPN. Our firewall (Cisco ASA 5510) is the first end of the VPN, and on the other side all of our clients have Cisco firewalls (Cisco ASA), and it's working fine. We got a new client who uses a Juniper NetScreen SSG, Firmware Version: 6.1.0r2.0, and I have no good experience with Juniper products. I can try and test until it succeeds, but it's a production device and I don't want to interrupt their work. Following is my side's configuration on the ASA, which is working fine with other Cisco firewalls:

    My local network subnet is 192.168.200.0/24; I use NAT with the VPN so it is translated to 192.168.248.0/24, and the other side's inside network is 192.168.249.0/24.
    It's one of our customers' configs and it's working fine.

    interface Ethernet0/0
    nameif Outside
    security-level 0
    ip address x.x.x.178 255.255.255.240 standby x.x.x.181

    interface Ethernet0/1
    nameif Inside
    security-level 100
    ip address 192.168.100.254 255.255.255.0 standby 192.168.100.253

    access-list 151 extended permit ip host 192.168.248.32 host 192.168.249.13
    access-list 151 extended permit ip host 192.168.248.32 host 192.168.249.16
    access-list 151 extended permit ip host 192.168.248.32 host 192.168.249.17

    access-list Labnat34 extended permit ip host 192.168.200.34 192.168.249.0 255.255.255.0

    static (Inside,Outside) 192.168.248.34 access-list Labnat34

    route Outside 192.168.249.0 255.255.255.0 x.x.x.177 1

    crypto ipsec transform-set lanlab esp-3des esp-sha-hmac

    crypto map lanlab 20 match address 151
    crypto map lanlab 20 set peer y.y.y.132
    crypto map lanlab 20 set transform-set lanlab
    crypto map lanlab interface Outside
    crypto isakmp identity address
    crypto isakmp enable Outside

    crypto isakmp policy 40
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400

    tunnel-group y.y.y.132 type ipsec-l2l
    tunnel-group y.y.y.132 ipsec-attributes
    pre-shared-key *



    Please, what should I configure on the NetScreen to work with this configuration? It's urgent now.
    Many thanks in advance. The new customer's local network is 192.168.40.0 and let's say its public IP (peer) is 1.1.1.50.
     
    ozoubi, Sep 23, 2010
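
Added example, not part of the original post: a Python sketch that pulls out of the posted ASA excerpt the values a non-Cisco peer has to mirror (IKE phase 1 policy, ESP transform set, PFS setting, and the crypto ACL entries as local/remote proxy-ID pairs). The names `peer_requirements` and `to_cidr` are hypothetical, and the embedded sample is constructed from the lines in the post with the policy sub-commands re-indented.

```python
import ipaddress
import re

# Constructed sample: crypto-related lines from the post (peer masked as posted).
ASA_CONFIG = """\
access-list 151 extended permit ip host 192.168.248.32 host 192.168.249.13
access-list 151 extended permit ip host 192.168.248.32 host 192.168.249.16
access-list 151 extended permit ip host 192.168.248.32 host 192.168.249.17
crypto ipsec transform-set lanlab esp-3des esp-sha-hmac
crypto map lanlab 20 match address 151
crypto map lanlab 20 set peer y.y.y.132
crypto map lanlab 20 set transform-set lanlab
crypto isakmp policy 40
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
"""

def to_cidr(tokens):  # pops one ASA address spec: any | host A | A MASK
    first = tokens.pop(0)
    if first == "any":
        return "0.0.0.0/0"
    if first == "host":
        return tokens.pop(0) + "/32"
    return str(ipaddress.ip_network(f"{first}/{tokens.pop(0)}"))

def peer_requirements(config, map_name, seq):
    """Values the remote gateway must match for one crypto map entry."""
    def find(pattern):
        m = re.search(pattern, config, re.M)
        return m.group(1) if m else None
    entry = rf"^crypto map {re.escape(map_name)} {seq} "
    acl = find(entry + r"match address (\S+)")
    tset = find(entry + r"set transform-set (\S+)")
    # Sub-commands are expected indented under the policy line, as in "show run" output.
    block = find(r"^crypto isakmp policy \d+\n((?:[ \t]+.*\n?)+)") or ""
    proxy_ids = []
    for spec in re.findall(rf"^access-list {acl} extended permit ip (.+)$", config, re.M):
        tokens = spec.split()
        proxy_ids.append((to_cidr(tokens), to_cidr(tokens)))  # left to right: local, remote
    return {
        "phase1": dict(l.split()[:2] for l in block.splitlines()),
        "phase2": (find(rf"^crypto ipsec transform-set {tset} (.+)$") or "").split(),
        "pfs": find(entry + r"set pfs ?(.*)$"),  # None: no PFS line on this entry
        "proxy_ids": proxy_ids,
    }
```

Calling `peer_requirements(ASA_CONFIG, "lanlab", 20)` returns the phase 1 and phase 2 proposals plus three host-to-host proxy-ID pairs; the remote side's proxy IDs are the same pairs with local and remote swapped.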