please please your help, VPN site to site between ASA and Netscreen

Discussion in 'Cisco' started by ozoubi, Sep 23, 2010.

  1. ozoubi


    Sep 23, 2007
    Likes Received:
    Dear Juniper experts,

    please i need your help its urgent to me, we have a managed services center and we connect to our customers networks through site to site VPN, our firewall ( cisco ASA 5510 ) is the VPN first end, and from other side all of our clients has Cisco firewalls ( Cisco ASA ) and its working fine, we got a new client who use Juniper netscreen SSG Firmware Version: 6.1.0r2.0, and have no good experience with Juniper products, i can try and test till it successed but its a production device and dont want to interrupt thier work, following is my side configuration on the ASA which is working fine with other cisco firewalls:

    My local netwok subnet i use nat with vpn to be translated to, and the other side inside network
    its one of our customers config and its working fine.

    interface Ethernet0/0
    nameif Outside
    security-level 0
    ip address x.x.x.178 standby x.x.x.181

    interface Ethernet0/1
    nameif Inside
    security-level 100
    ip address standby

    access-list 151 extended permit ip host host
    access-list 151 extended permit ip host host
    access-list 151 extended permit ip host host

    access-list Labnat34 extended permit ip host

    static (Inside,Outside) access-list Labnat34

    route Outside x.x.x.177 1

    crypto ipsec transform-set lanlab esp-3des esp-sha-hmac

    crypto map lanlab 20 match address 151
    crypto map lanlab 20 set peer y.y.y.132
    crypto map lanlab 20 set transform-set lanlab
    crypto map lanlab interface Outside
    crypto isakmp identity address
    crypto isakmp enable Outside

    crypto isakmp policy 40
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400

    tunnel-group y.y.y.132 type ipsec-l2l
    tunnel-group y.y.y.132 ipsec-attributes
    pre-shared-key *

    Please what i should configure on netscreen to work with this configuration? its urgent now..
    many thanks in advance... the new customer local network is and lets say its public ip (peer)
    ozoubi, Sep 23, 2010
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.