[VPN] VPN using Netscreen 5xp

[Chad Osmond]

> I'm a little confused, Chad.  You mention setting up a b2b but you
> reference client software as well.  And, your remote (which I presume
> is work) is the end with a dynamic IP address?  It seems like I'm
> missing something.

I'm looking to setup road-warriors -> Office VPN's

Road warriors have dynamic IP addresses, Office is static.
Office is a NetScreen 5XP device, RW's will have to be some sort of client
like Netscreen remote, or alternative (Which I'm still trying to find a good
one)

> The endpoint IP is usually included as part of the SA, but you can go
> around that if you use certificates for authentication.  I don't know
> how sophisticated the distant end device is, but the Netscreen can
> handle it--if you can get your hands on a couple of certs and
> convince the distant end to use it, which might be a non-starter.

The netscreen can also use some sort of Username authentication and manual
keys, I'm still unsure of how to set this up. Certs are a possibilty but I'd
like to avoid them for now. Static IP -> Static IP vpn's are a breeze and I
have a few up now. Just adding the one side dyanmic that messes me up a bit.

> Also, Netscreen has their own client software (Netscreen-Remote)
> which sells for a dollar a seat, I'm pretty sure.  Their client
> software used to be pretty bad, truthfully, but this new stuff is
> supposed to be excellent.  You may well want to give that a go.

$15.20 CAD / Seat according to the call I was just on. Minimum order of 10.
I think I'm about to get a demo of their (NS) client to try and see if I can
get to go.

> Let me know what I'm missing though--I know I'm not understanding it
> fully.

I agree it was a little unclear, I need to start drinking coffee or
something in the morning (I think thinkgeek has a caffeinated soap.. I
should look into that.)

Chad