
VPN L2L Tunnel Between ASA5510 and Netscreen


Hi, I've been working on a VPN L2L tunnel between an ASA5510 and a Netscreen SSG for a month now with no success. The Netscreen is the remote VPN device and I have no control over it; I was, however, able to get its config. I hope someone here can help me with this.

CONFIG FOR NETSCREEN:

set user-group "IKE-VPN-GROUP" id 4

set user-group "xAuth_VPN_GROUP" id 3

set ike gateway "MAK-DR" address xxx.xxx.xxx.xxx Main outgoing-interface "ethernet0/1" preshare "zzzzzzzzzzzzz" proposal "pre-g2-3des-sha"

set ike respond-bad-spi 1

unset ike ikeid-enumeration

unset ike dos-protection

unset ipsec access-session enable

set ipsec access-session maximum 5000

set ipsec access-session upper-threshold 0

set ipsec access-session lower-threshold 0

set ipsec access-session dead-p2-sa-timeout 0

unset ipsec access-session log-error

unset ipsec access-session info-exch-connected

unset ipsec access-session use-error-log

set xauth lifetime 120

set xauth default ippool "VPN_USERS_POOLS"

set xauth default dns1 10.198.1.1

set xauth default dns2 10.198.1.2

set xauth default wins1 10.198.1.1

set xauth default wins2 10.198.1.2

set vpn "MAK-DR" gateway "MAK-DR" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"

set vpn "MAK-DR" id 11 bind interface tunnel.2

set vrouter "untrust-vr"

exit

set vrouter "trust-vr"

exit

set attack db sigpack base

set attack db mode Update

set attack db schedule daily 05:00

set av profile "virus"

exit

set vpn "MAK-DR" proxy-id local-ip 10.198.1.0/24 remote-ip 10.198.2.0/24 "ANY"

set policy id 100 from "Trust" to "Untrust" "10.198.1.0/24" "10.198.2.0/24" "ANY" permit log

set policy id 100

set log session-init

exit

set policy id 99 from "Untrust" to "Trust" "10.198.2.0/24" "10.198.1.0/24" "ANY" permit log

set policy id 99

set log session-init

exit

unset add-default-route

set route 10.198.2.0/24 interface tunnel.2 preference 20

exit

ASA5510 configuration attached on next post.



ASA5510 configuration attached.
