VPN setup - is there a standard way to do this?

is Netscreen's support page. There's several articles including screen shots about setting up the VPN on the Netscreen firewall. I used L2TP and it works great. The only thing to remember though is on the client machines you'll have to set up the following: The following registry entry is required on the client machines before they could connect via L2TP:

To add the ProhibitIpSec registry value to your Windows 2000-based computer, use Registry Editor (Regedt32.exe) to locate the following key in the registry:

HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Rasman\\Parameters

Add the following registry value to this key:

Value Name: ProhibitIpSec Data Type: REG_DWORD Value: 1

Note that you must restart your Windows 2000-based computer for the changes to take effect.

I thought it was fairly straight forward on setting it up. You set up an L2TP pool (under Objects on the firewall), configure the default settings, configure the tunnel (both under VPN L2TP on the firewall), create your users (under objects) and of course allow VPN in your Policies.

Again there's a bunch of articles with Screen Shots of how to do this, just got to the above link and search the knowledge base. My info. above is a basic overview though.

Hope this helps and good luck.

Well with the L2TP, the way it is set up is basically to establish the connection, you log on using the Netscreen's user name and password (this was set up under Objects -> Users on the Netscreen). Again this just creates the tunnel between pt A and B. After it is connected, your computer is now a computer on that network. After that if you want to say Remote into a server or computer on that side, you'd launch Remote Desktop to that private ip and then use your domain user name and password to get in (of course this is also provided you have access under that user name and password on the domain). Same for mapping drives, you need to use a user name and password from that domain that you just vpn'd into. This is actually a nice feature because even if someone was able to make a VPN connection and you didn't want them, they'd still need to be a user in your domain to get to any of the machines on the domain. I would have thought that the IKE VPN was set up similiarly. Again the knowledge base articles are an excellent source for finding info too, but I hope this at least helps or pts you in the correct direction.

"Mike" wrote in message news: snipped-for-privacy@4ax.com...

screen

On Tue, 5 Apr 2005 10:02:44 -0400, "MF" wrote: Thanks for the reply...I did manage to set up IKE VPN connections using the Netscreen-Remote client. What I don't understand...is bascially how to log someone in over the VPN connection directly to the network. In other words, while testing this IKE connection, I noticed that every mapped drive, opening Outlook...etc requires the user to enter a username/password. Also, there's no way to change your password when it expires (at least I don't see a way)...so I'm guessing I need a way to log into the domain when first connecting. Is this what L2TP does?

including screen