Access to IPSec VPN through Netscreen-10 fw

I've got a situation where about 3 or 4 users will need to access an IPSec VPN. They're all coming from a LAN which is behind a Netscreen-10 firewall which is using NAT. The device they're trying to connect to is a Netgear FVL328. I don't think NAT-T is available on the Netgear box, unless there's a new firmware out that I'm not aware of which supports it (which could very well be...)

I thought about setting up a LAN-to-LAN vpn, but it looks like that idea might be hard to sell to the remote side. I don't know if they'd be open to replacing their VPN device with something NAT-T compatible.

Is there anything on the Netscreen-10 that can make this work? I'm kind of new to this particular firewall.

Thanks!

Reply to
srp336

The NetScreen 10 is probably fine NAT'ing the IPsec packets, just make sure it's the latest firmware for it which I believe is 3.03r8 or something like that. Yes, it's an old box.

The NS10 is quite capable of doing a lan to lan vpn, I've still got clients using pairs of those for corporate vpn concentrators, they're tough as nails and very dependable.

-Russ.

Reply to
Somebody.

Do any changes need to be made on the Netscreen, or should it just work as-is?

Thanks!

Reply to
srp336

It's been a long time since I worked on version 3 firmware. I have a vague recollection of a setting like "ipsec-passthrough enable" or some such? Have a look through the CLI reference for it.

-Russ.

Reply to
Somebody.

I see a line 'unset firewall bypass-others-ipsec' in the config, but I can't seem to set it (the CLI doesn't seem to know what it is). Is this a feature in ScreenOS that the Netscreen-10 doesn't support?

Reply to
srp336
