IPSec Tunnel configuration between PRESTO ADVANCED Router and Juniper SSG firewall


An IPSec tunnel is a type of VPN tunnel that uses a secure tunneling method. The
diagram below (Figure 87) illustrates a simple network with a PRESTO ADVANCED
Router and a Cisco Router. The idea is to create an IPSec tunnel for LAN to LAN (site to site)
connectivity.
Figure 1 - IPSec tunnel between PRESTO ADVANCED Router and Cisco Router
The PRESTO ADVANCED Router requirements:
- Destination tunnel address should have public static WAN IP address.
- GSM/UMTS APN Type: For GSM/UMTS networks PRESTO ADVANCED Router
connections may require a Custom APN. A Custom APN allows for various IP
addressing options, particularly static IP addresses, which are needed for most VPN
connections. A custom APN should also support mobile terminated data that may be
required in most site-to-site VPNs.
The PRESTO ADVANCED Router configuration:
Click Network Tab to open the LAN NETWORK screen. Use this screen to
configure LAN TCP/IP settings. Configure IP address and Netmask.
IP Address: 192.168.10.1,
Subnet Mask: 255.255.255.0,
Press Save to accept the changes.
Figure 2 - Network configuration page for PRESTO ADVANCED Router
Use a SIM card with a static IP address, obtained from the Mobile Operator.
Click WAN Settings Tab to configure parameters necessary for GSM/UMTS
connection. All parameters necessary for connection configuration should be
requested from the mobile operator.
Check the status of GSM/UMTS connection (WAN Settings Tab). If
disconnected please click Connect button.
Click VPN Settings > IPSEC to configure IPSEC tunnel parameters. Click
Add New Tunnel button to create new IPSec tunnel. Tunnel parameters are:
Add New Tunnel
Tunnel Name: IPsec tunnel,
Enable: true.
IPSec Setup
Keying Mode: IKE with Preshared key,
Mode: aggressive,
Phase 1 DH group: Group 2,
Phase 1 Encryption: 3DES,
Phase 1 Authentication: SHA1,
Phase 1 SA Life Time: 28800,
Perfect Forward Secrecy: true,
Phase 2 DH group: Group 2,
Phase 2 Encryption: 3DES,
Phase 2 Authentication: SHA1,
Phase 2 SA Life Time: 3600,
Preshared Key: 1234567890.
Local Group Setup
Local Security Gateway Type: IP Only,
Local ID Type: Custom,
Custom Peer ID: 172.30.147.96,
IP Address: SIM 1,
Local Security Group Type: Subnet,
IP Address: 192.168.10.0,
Subnet Mask: 255.255.255.0.
Remote Group Setup
Remote Security Gateway Type: IP Only,
IP Address: 150.160.170.1,
Remote ID Type: IP Address,
Remote Security Group Type: Subnet,
IP Address: 10.10.10.0,
Subnet Mask: 255.255.255.0.
Advanced
Compress (Support IP Payload Compression Protocol (IPComp)): false,
Dead Peer Detection (DPD): false,
NAT Traversal: true,
Press Save to accept the changes.
Figure 3 - IPSEC configuration page I for PRESTO ADVANCED Router
Figure 4 - IPSec configuration page II for PRESTO ADVANCED Router
Figure 5 - IPSec configuration page III for PRESTO ADVANCED Router
Click Start button on Internet Protocol Security page to initiate IPSEC
tunnel.
Click Start button and after that Connect button on Internet Protocol Security
page to initiate IPSEC tunnel.
Figure 6 - IPSec start/stop page for PRESTO ADVANCED Router
On the device connected on PRESTO ADVANCED router setup default
gateway 192.168.10.1.
The Juniper SSG firewall configuration:
Step 1 Create New Tunnel Interface
Click Interfaces on Network Tab.
Figure 7 - Network Interfaces (list)
Bind New tunnel interface to Untrust interface (outside int - with public
IP address).
Use unnumbered option for IP address configuration.
Figure 8 - Network Interfaces (edit)
Step 2 Create New VPN IPSEC tunnel
Click VPNs in main menu. To create new gateway click Gateway on AutoKey
Advanced tab.
Figure 9 - AutoKey Advanced Gateway
Click New button. Enter gateway parameters:
- Gateway name: TestPRESTO ADVANCED,
- Security level: Custom,
- Remote Gateway type: Dynamic IP address (because your PRESTO
ADVANCED router is hidden behind the Mobile operator router's (firewall)
NAT),
- Peer ID: 172.30.147.96,
- Preshared key: 1234567890,
- Local ID: 150.160.170.1.
Figure 10 - Gateway parameters
Click Advanced button.
- Security level User Defined: custom,
- Phase 1 proposal: pre-g2-3des-sha,
- Mode: Aggressive (must be aggressive because of NAT),
- NatTraversal: enabled,
- Click Return and OK.
Figure 11 - Gateway advanced parameters
Step 3 Create AutoKey IKE
Click VPNs in main menu. Click AutoKey IKE.
Click New button.
Figure 12 - AutoKey IKE
AutoKey IKE parameters are:
- VPN name: TestPRESTO ADVANCED,
- Security level: Custom,
- Remote Gateway: Predefined,
- Choose VPN Gateway from step 2.
Figure 13 - AutoKey IKE parameters
Click Advanced button.
- Security level User defined: custom,
- Phase 2 proposal: pre-g2-3des-sha,
- Bind to Tunnel interface: tunnel.3 (from step 1),
- Proxy ID: Enabled,
- Local IP/netmask: 10.10.10.0/24,
- Remote IP/netmask: 192.168.10.0/24,
- Click Return and OK.
Figure 14 - AutoKey IKE advanced parameters
Step 4 Routing
Click Destination tab on Routing menu.
Click New button. Routing parameters are:
- IP Address: 192.168.10.0/24,
- Gateway: tunnel.3 (tunnel interface from step 1),
- Click OK.
Figure 15 - Routing parameters
Step 5 Policies
Click Policies in main menu.
Click New button (from Untrust to trust zone),
- Source Address: 192.168.10.0/24,
- Destination Address: 10.10.10.0/24,
- Services: Any.
Click OK.
Figure 16 - Policies from untrust to trust zone
Click Policies in main menu.
Click New button (from trust to untrust zone),
- Source Address: 10.10.10.0/24,
- Destination Address: 192.168.10.0/24,
- Services: Any.
Click OK.
Figure 17 - Policies from trust to untrust zone
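
Added example (not from the original document or from either vendor): a Python check that the two parameter sets configured above agree where they must match or mirror each other, and that lists the settings on this page a review would flag as weak (3DES, SHA1, DH Group 2, aggressive mode with a pre-shared key). The values are the ones given on the page; the dict layout, field names, helper functions and the key-length threshold are assumptions of this example.

```python
"""Cross-check the two tunnel endpoints configured on this page (added example).
Values are transcribed from the page; the dict layout, field names and
thresholds are assumptions of this example, not a vendor API."""
from ipaddress import ip_network

PROPOSAL = ("group2", "3des", "sha1")   # page: Group 2 / 3DES / SHA1, pre-g2-3des-sha
PRESTO = {  # PRESTO ADVANCED router, "Add New Tunnel" page
    "mode": "aggressive", "nat_t": True, "psk": "1234567890",
    "p1": PROPOSAL, "p2": PROPOSAL,
    "local_id": "172.30.147.96", "remote_id": "150.160.170.1",
    "local_net": ip_network("192.168.10.0/255.255.255.0"),
    "remote_net": ip_network("10.10.10.0/255.255.255.0"),
}
SSG = {  # Juniper SSG, Gateway and AutoKey IKE pages
    "mode": "aggressive", "nat_t": True, "psk": "1234567890",
    "p1": PROPOSAL, "p2": PROPOSAL,
    "local_id": "150.160.170.1", "remote_id": "172.30.147.96",
    "local_net": ip_network("10.10.10.0/24"),
    "remote_net": ip_network("192.168.10.0/24"),
}
SAME = ("mode", "nat_t", "psk", "p1", "p2")          # must be identical
MIRRORED = (("local_id", "remote_id"), ("local_net", "remote_net"))
WEAK = {"3des", "sha1", "group2"}                     # legacy algorithms

def mismatches(a, b):
    """Fields on which peers a and b disagree, so negotiation would fail."""
    bad = [k for k in SAME if a[k] != b[k]]
    for mine, theirs in MIRRORED:
        if a[mine] != b[theirs]:
            bad.append(f"{mine}!={theirs}")
        if a[theirs] != b[mine]:
            bad.append(f"{theirs}!={mine}")
    return bad

def weak_settings(cfg):
    """Settings in cfg that a review should flag for replacement."""
    found = sorted(WEAK.intersection(cfg["p1"] + cfg["p2"]))
    if cfg["mode"] == "aggressive" and cfg["psk"]:
        found.append("aggressive+psk")   # PSK hash is exposed to offline guessing
    if cfg["psk"].isdigit() or len(cfg["psk"]) < 20:   # threshold is an assumption
        found.append("guessable-psk")
    return found

if __name__ == "__main__":
    print("mismatches:", mismatches(PRESTO, SSG) or "none")
    print("review:", weak_settings(PRESTO))
```

The subnet pairs are compared as networks, so the router's 255.255.255.0 mask and the firewall's /24 proxy ID are treated as the same value.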
