I'm attempting to configure a dial-up VPN to Netscreen ScreenOS 5.1 using the Windows XP native VPN client. It's painful :-(
Preshared secrets won't work because XP insists on using its (dynamic) IP address for IKE Phase 1 ID, so certificates will be required.
Netscreen documentation generally assumes use of their VPN client. There is a white paper describing how to do this on Windows 2000, but it is written for ScreenOS 4.0 and assumes the client has access to a Microsoft CA - close but...
ScreenOS 5.1 can generate self-signed certificates, but if there's a way to export them so they can be loaded on the client, it eludes me - so I'm attempting to use an OpenSSL CA on Linux to sign the certificate requests. XP and the Netscreen both loaded these certificates successfully, but when I gave up for today XP was claiming it couldn't find a certificate to use with the authentication protocol.
Does anyone have this working? If so, please post the recipe. Otherwise, I'll figure it out eventually and post it myself...
Sunny