08-26-2009 12:10 PM
I have set up office-to-office IPSec VPN tunnels between NetScreen / SSG appliances many times where both devices had static public IP addresses. I need help, however, on how to set up a similar scenario where one of the devices has a static IP address. I think this involves the appliance with the DHCP address being configured as a dial-up client, and the other must be set up differently. I know that, in this scenario, the appliance with the DHCP address must initiate traffic for the tunnel to be created, and not vice versa.
Is there any good literature on how to set this up?
Any help is appreciated!
08-26-2009 12:56 PM
It is possible.
Please follow the following link, which explains in detail how you can set it up:
http://www.juniper.net/techpubs/software/screenos/screenos6.1.0/ce_v5.pdf for description page 139 and example config and diagram on page 142
Atif
If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
09-09-2009 05:07 PM
I have the same situation with some small offices and home offices in our network. For these sites where we don't have a static address I use the DynDNS service to create an ad-hoc DNS entry for the site. You then reference the DNS entry for the tunnels just as if it were a static address site. As long as you have DNS set up on the SSG it will resolve the name and bring up the tunnel.
Create an account with dyndns.org (they have small free ones but only charge $15 per year for a no-expiration account).
Pick your host name and domain
On the SSG configure registration of your DHCP address under Network--DNS--DDNS
After this the whole setup works just like a static to static site configuration.
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)