Sunday, November 6, 2011

VPN Configuration Mikrotik-Juniper

Mikrotik
===========>>


Mikrotik does not draw a clear line between phase 1 and phase 2. However, the peer settings can be regarded as phase 1, and the policy and proposal (esp-des-md5) as phase 2. We will establish a policy-based VPN tunnel between the Mikrotik and the Juniper. Here is the configuration.

Mikrotik 450G
==============


Peer:
    Address: <peer-address>
    Port: 500
    Auth. Method: pre-shared key
    Exchange Mode: main
    Send Initial Contact: enable
    NAT Traversal: do not enable
    Proposal check: obey
    Hash Algorithm: md5
    Encryption Algorithm: des
    DH Group: modp768 (this is the same as group 1)
    Generate Policy: do not enable
    Other settings: leave as they are.

Policy:
    General:
        Specify Src. Address & Dst. Address
    Action:
        Action: encrypt
        Level: unique
        IPsec Protocols: esp
        Tunnel: enable
        SA Src. Address: <Local Public IP>
        SA Dst. Address: <Remote public IP>
        Proposal: default

Proposal:
    Auth Algorithms: md5
    Enc Algorithms: des
    PFS Group: none


Juniper SSG-350M
==================


    Click VPNs > AutoKey Advanced > Gateway
    Click New
        Gateway Name: Site B GW
        Security Level: Custom
        Remote Gateway: Click Static, and enter IP address: <peer IP>
        Preshared Key: <secret>
        Outgoing Interface: untrust (or whichever interface goes out to the Internet)
        Click Advanced
            Phase 1 Proposal: pre-g1-des-sha
            Mode (Initiator): Main
            Click Return
        Click OK
    Click Autokey IKE
    Click New
        VPN Name: Site B VPN
        Security Level: Custom
        Remote Gateway: Click Predefined, and select Site B GW from the pulldown menu
        Click Advanced
            Phase 2 Proposal: nopfs-esp-des-md5
            Bind to: None
            Click Return
        Click OK
    Click Policy
    Select From Trust to Untrust Zone, and click New
        Source Address: Click New Address : <Private network src>
        Destination Address: Click New Address: <Private network dest>
        Service: Any
        Action: Tunnel
        Tunnel: Site B VPN
        Modify matching bidirectional VPN policy: Enabled
        Click OK
        Position at Top: Enabled
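
An added example, not part of the original post: a small Python check that puts the Mikrotik values and the Juniper proposal names from the configuration above side by side, lists any parameter that differs, and flags the legacy algorithms in use. The function names, the `WEAK` set and the assumed layout of ScreenOS proposal names are this example's own.

```python
# Added example: compares the IKE/IPsec parameters given for each side on this page.
# ScreenOS proposal-name layout is assumed: phase 1 "auth-dh-enc-hash",
# phase 2 "pfs-proto-enc-hash". All function and variable names are illustrative.

WEAK = {"des", "md5", "g1"}  # legacy choices, too weak for new deployments
MODP_TO_GROUP = {"modp768": "g1", "modp1024": "g2", "modp1536": "g5"}


def parse_screenos_proposal(name):
    """Split a proposal name such as 'pre-g1-des-sha' into named parameters."""
    parts = name.lower().split("-")
    if len(parts) != 4:
        raise ValueError(f"unexpected proposal name: {name!r}")
    if parts[0] in ("pre", "rsa", "dsa"):  # phase 1 names start with the auth method
        keys = ("auth", "dh", "enc", "hash")
    else:  # phase 2 names start with the PFS group or 'nopfs'
        keys = ("pfs", "proto", "enc", "hash")
    return dict(zip(keys, parts))


def normalize_mikrotik(phase, enc, hash_alg, group):
    """Map Mikrotik field values to the same keys and spellings."""
    key = "dh" if phase == 1 else "pfs"
    value = "nopfs" if group == "none" else MODP_TO_GROUP[group]
    return {"enc": enc, "hash": hash_alg, key: value}


def compare(mikrotik, juniper):
    """Return (parameters that differ, weak algorithms used by either side)."""
    mismatches = {k: (v, juniper.get(k)) for k, v in mikrotik.items() if juniper.get(k) != v}
    weak = sorted({v for side in (mikrotik, juniper) for v in side.values() if v in WEAK})
    return mismatches, weak


def check_page_config():
    """Run the comparison on the values written in the post above."""
    phase1 = compare(normalize_mikrotik(1, "des", "md5", "modp768"),
                     parse_screenos_proposal("pre-g1-des-sha"))
    phase2 = compare(normalize_mikrotik(2, "des", "md5", "none"),
                     parse_screenos_proposal("nopfs-esp-des-md5"))
    return {"phase1": phase1, "phase2": phase2}


if __name__ == "__main__":
    for phase, (mismatches, weak) in check_page_config().items():
        print(phase, "mismatches:", mismatches or "none", "| weak:", ", ".join(weak))
```

On the values as written, phase 2 agrees on both sides, while phase 1 lists md5 on the Mikrotik and sha in the Juniper proposal name.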

Monday, February 28, 2011

Nagios Installation & Configuration

First, install the following dependencies if they are not already installed:
gcc, make, autoconf, automake
gd, gd-devel, openssl, openssl-devel
postgresql, postgresql-devel
ntp, ntp-snmp


Now install Nagios as follows

#useradd nagios
#passwd nagios
#groupadd nagcmd
#usermod -a -G nagcmd nagios
#usermod -a -G nagcmd apache
#mkdir ~/downloads
#cd ~/downloads
#wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.0b3.tar.gz
#wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.7.tar.gz
#cd ~/downloads
#tar xzf nagios-3.0b3.tar.gz
#cd nagios-3.0b3
#./configure --with-command-group=nagcmd
#make all
#make install
#make install-init
#make install-config
#make install-commandmode
#make install-webconf
#cd ~/downloads
#tar xzf nagios-plugins-1.4.7.tar.gz
#cd nagios-plugins-1.4.7
#./configure --with-nagios-user=nagios --with-nagios-group=nagios
#make
#make install
#htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
#/etc/init.d/httpd restart
#/etc/init.d/nagios restart
#chkconfig nagios on

Now check the installation using one of the links below:
http://localhost/nagios
or
http://yourhostname/nagios

Now go to /usr/local/nagios and edit the relevant configuration files to suit your requirements. For more detail, see nagios.org.

Thursday, January 20, 2011

what is running on which port

netstat -tnlp ==> to see which process is listening on which TCP port
netstat -anp | grep :8000 ==> to see what is listening on port 8000