Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5 Release Note page 108

JUNOS OS 10.4 Release Notes
108
This feature is used to perform the following:
- Assign an IP address to the client after successful authentication.
- Provide a mechanism in AUTHD for linking an address pool to a client profile and assigning an IP address to the client from the pool.
- Provide a mechanism in AUTHD for assigning IP version 4 (IPv4) addresses to the users.
- Provide different IP addresses for multiple logins by the same user.
- Allow configuration changes in the address pool after address assignment.
Address pools are defined at the [edit access address-assignment] hierarchy.
[Junos OS CLI Reference, Junos OS Administration Guide for Security Devices]
Local IP address management for VPN XAuth support—This feature is supported on SRX100, SRX210, SRX240, SRX650, J4350, and J6350 devices.
When extended authentication (XAuth) is configured, you must enter your username and password after the Internet Key Exchange (IKE) phase 1 security association (SA) is established. AUTHD verifies the credentials received from you.
After successful authentication, AUTHD sends the following network parameters to IKE or XAuth:
- IP address
- Domain Name System (DNS)
- Windows Internet Naming Service (WINS)
The IP address can be drawn from a locally configured IP address pool. AUTHD requires IKE or XAuth to release the IP address when it is no longer in use.
IKE provides a mechanism for establishing IP Security (IPsec) tunnels.
[Junos OS CLI User Guide, Junos OS Security Configuration Guide]
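A minimal configuration for the local address management described above, as an added example that is not taken from the release notes: it defines a pool at [edit access address-assignment], links it to an access profile, and references that profile for XAuth on an IKE gateway. The pool, profile, client and gateway names, the addresses and the password placeholder are constructed, and the statements are assumed to follow the set-command syntax documented for SRX Series devices, so confirm them against your release.

```junos
# Constructed names and addresses; lines starting with # are annotations.
# 1. Local pool at [edit access address-assignment] (IPv4 only: family inet).
set access address-assignment pool xauth-pool family inet network 10.10.10.0/24
set access address-assignment pool xauth-pool family inet range clients low 10.10.10.10
set access address-assignment pool xauth-pool family inet range clients high 10.10.10.50
# 2. DNS and WINS parameters that AUTHD returns together with the address.
set access address-assignment pool xauth-pool family inet xauth-attributes primary-dns 10.10.10.2/32
set access address-assignment pool xauth-pool family inet xauth-attributes primary-wins 10.10.10.3/32
# 3. Client profile whose credentials AUTHD verifies, linked to the pool.
set access profile xauth-profile client user1 firewall-user password <placeholder-password>
set access profile xauth-profile address-assignment pool xauth-pool
# 4. XAuth on the IKE gateway uses that profile once phase 1 is established.
set security ike gateway remote-gw xauth access-profile xauth-profile
```

Because each login by the same user receives a different address, size the range for the expected number of concurrent sessions rather than the number of accounts.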
Support group Internet Key Exchange (IKE) IDs for dynamic VPN configuration—This feature is supported on SRX100, SRX210, SRX220, SRX240, and SRX650 devices.
The existing design of the dynamic virtual private network (VPN) uses a unique Internet Key Exchange (IKE) ID for each user connection. For each user, the VPN needs to be configured with an individual IKE gateway, an IPsec VPN, and a security policy using the IPsec VPN. This is cumbersome when there are a large number of users. The design is modified to allow a number of users to share a set of IKE or IPsec VPN (or policy configuration) using shared-ike-id or group-ike-id. This reduces the number of times the VPN needs to be configured.
The shared-ike-id and group-ike-id allow you to configure the VPN once for multiple users. All users connecting through a shared-ike-id configuration use the same IKE ID and preshared key. The user credentials are verified in the extended authentication (XAuth)
Copyright © 2011, Juniper Networks, Inc.