I have a requirement to set up Windows XP native VPN clients to terminate on a Netscreen 25 firewall. I have a choice of authentication - either certificates from an in-house Win 2003 CA or via LDAP from an Active Directory server.
The Netscreen is set up for routing and not NAT. The clients and the NS25 are on the same subnet. The goal is that should a valid client try to contact something on the inside of the firewall, then a VPN will be established automatically between client and firewall so no data can be sniffed.
Is this achievable at all, and if so, can someone please point me to some example configs before my head explodes?
Thanks up front.