I'm trying to configure a Juniper SSG5 for VPN. So far I'd say I'm lost lost lost.
The server (just one for now) is a dedicated host at a hosting company.
I have a block of 8 public IPs (/29), the SSG5 has its own IP (separate subnet from my 8 public IPs), and routes requests for the public IPs to the server.
There are two interfaces defined on the SSG5. The first, ethernet0/0, is for the SSG5's public IP, set as zone Untrust, interface mode Route, type Layer 3. The second, ethernet0/1, is for my block of 8 public IPs, set as zone Trust, interface mode Route, type Layer 3.
I have policy-based NAT configured such that requests for the 1st public IP address are NAT'd to a specific IP (192.168.10.11). I have defined a route for 192.168.10.0/24 to ethernet0/1.
Roughly speaking I think the network looks like (though this isn't really accurate because my public IPs aren't shown):
internet
|
SSG5
|
-----------------
192.168.11.0/24
On the Netgear side the FVS338 is a simple little firewall/router. It has a public IP and uses NAT to translate to 192.168.2.0/24.
My end goal is to be able to set up file sharing and email (POP/SMTP/IMAP) over the VPN. Initially I'd be happy with PING. Ideally I'd like only the Netgear to initiate the VPN and traffic to only "flow" from the Netgear FVS338 to the SSG5, i.e. from the server rack, where the SSG5 is, there is no need for those servers to initiate connections to machines behind the Netgear FVS338.
I've tried setting up the VPN using the SSG5's "Route-based VPN" but get nowhere. On the Netgear side all I get is "negotiation failed due to time up for" errors. On the SSG5... well... I can't even locate any screen to show VPN connection diagnostics.
So... can anyone provide any guidance on how best to approach this?
Thanks!!