NetScreen

Re: [nn] L2TP Dialup

To: "John Cameron" <John.Cameron@brennanit.com.au>
Subject: Re: [nn] L2TP Dialup
From: "Kai Krebber" <Kai.Krebber@krick.net>
Date: Tue, 6 Mar 2007 13:45:37 +0100
Cc: nn@qorbit.net
Well - the rule is at the top of the list. Maybe there's another problem: the
CE guide vol. 5 (VPN) steps through the l2tp_ipsec procedure, and for the external
I/F (step 2) they want to bind it to the dialup zone (p. 217 in my
rel. 5.4.0, rev. C of the document). On my 5GT, my only choices are 'untrust' and
'none', although I created the dialup zone as written just above.
I assumed this to be a glitch in the doc and left it in 'untrust', but maybe
there's more to it...

Kai

-----Original Message-----
From: John Cameron [mailto:John.Cameron@brennanit.com.au]
Sent: Tuesday, 6 March 2007 13:11
To: Kai Krebber; Badu Jack
Cc: nn@qorbit.net
Subject: RE: [nn] L2TP Dialup

I have seen that error before when I was setting up a remote vpn via the NS 
remote client.

The problem was the policy was not higher up in the order. 

I remember reading how to set something up like that with Windows and certs at 
http://www.netscreenforum.com/ - Do a search. Then again it may have been 
somewhere else. 

John

-----Original Message-----

Hi!

Seems impossible to me. According to Netscreen Article KB6865,
one has to use certificates with native WinXP, but I can't get it
working. Although there are rumours of successful connections, I didn't
find any step-by-step guide for both sides (NS and XP) using
dynamic client IP and certs.
My Netscreen always complains:
Rejected an IKE packet ... because the peer sent a packet with a 
message ID before Phase 1 authentication was done.
My certs work fine with the NS remote client (i.e. the certs are not
the problem).

So I assume Juniper boycotts the native XP capabilities to sell their client
(please prove me wrong, anybody).

Cheers,
        Kai 


-----Original Message-----
The second question is: is it possible to use WinXP for remote dialup to
connect with the NS-5GT using the IPsec and L2TP dialup protocols?

Cheers

_________________________________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn