Site A (Static):

1. Create tunnel interface:

Click Network > Interfaces
1. Click New
1. Interface Name: tunnel.1
2. Zone: Trust (trust-vr)
3. Click unnumbered
4. Interface Untrust (trust-vr)
5. Click OK

2. Click VPNs > AutoKey Advanced > Gateway

3. Click New
1. Gateway Name: KAC GW P1
2. Security Level: Custom
3. Remote Gateway: Click Static IP Address, and enter Peer ID 168.187.x.x
4. Preshared Key: netscreen
5. Outgoing Interface: untrust (or whichever interface goes out to the Internet)
6. Click Advanced
1. Phase 1 Proposal: pre-g2-3des-md5 [ enter Local ID: 168.187.x.x)
2. Mode (Initiator): Main( ID Protection)
3. Click Return
7. Click OK
4. Click Autokey IKE
5. Click New
1. VPN Name: KAC GW P2
2. Security Level: Custom
3. Remote Gateway: Click Predefined, and select KAC GW P1 from the pulldown
menu
4. Click Advanced
1. Phase 2 Proposal: nopfs-g2-esp-3des-md5
2. Bind To: Tunnel Interface. Select tunnel.1
3. Click Proxy ID
1. Local IP/Netmask: 192.168.1.0 / 24
2. Remote IP/Netmask: 10.98.1.0 /24
3. Service: ANY
4. Click Return
5. Click OK
6. Click Policy
7. Select From Trust to Untrust Zone, and click New
1. Source Address: Click New Address, and enter 192.168.1.0/24
2. Destination Address: Click New Address, and enter 10.98.1.0/24
3. Service: Any
4. Action: Permit
 5. Modify matching bidirectional VPN policy: Enabled
6. Position at Top: Enabled
7. Click Ok
8. Create static route for destination network through VPN:
Click Network > Routing > (5.2 and below) Routing Table, (5.3 and above) Destination
1. Click New
1. Network Address / Netmask: 10.98.1.0 / 255.255.255.0
2. Click Gateway
3. Interface: tunnel.1
4. Click OK