Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6 Release Note page 113

Hide thumbs Also See for JUNOS OS 10.4 - RELEASE NOTES REV 6:

Release note (209 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

page of 216

/ 216
Contents
Table of Contents
Bookmarks

Table of Contents

New Features in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers

The server sends a predefined IPsec proposal from the configured IPsec proposal

set to the client, along with the default rekey timeout value. For IKE, the server sends

the setting that is configured in the IKE proposal.

NOTE: If IPsec uses the standard proposal set and perfect forward secrecy

(PFS) is not configured, then the default PFS is set as group2. For other

proposal sets, PFS will not be set because it is not configured.

[Junos OS CLI Reference, Junos OS Security Configuration Guide]

Local authentication and IP address assignment for dynamic VPN—This feature is

supported on SRX100, SRX210, SRX220, SRX240, and SRX650 devices.

A client application sends an authentication request and a request for an IP address

on behalf of an unauthenticated client at the same time. The communication between

the client and AUTHD is minimized because the IP address request is not sent as a

separate message.

After successful local authentication, AUTHD performs the following tasks:

Assigns the address from the predefined (or statically assigned) address pools if

the address matches the criteria specified by the client application.

Assigns attributes such as wins server and name-server address.

Updates the associated client entry in the session database.

Note: For client applications that rely on a RADIUS or other external server for

authentication, AUTHD might not assign IP addresses.

This feature is used to perform the following:

Assign an IP address to the client after successful authentication.

Provide a mechanism in AUTHD for linking an address pool to a client profile and

assigning an IP address to the client from the pool.

Provide a mechanism in AUTHD for assigning IP version 4 (IPv4) addresses to the

users.

Provide different IP addresses for multiple logins by the same user.

Allow configuration changes in the address pool after address assignment.

Address pools are defined at the [edit access address-assignment] hierarchy.

[Junos OS CLI Reference, Junos OS Administration Guide for Security Devices]

Local IP address management for VPN XAuth support—This feature is supported on

SRX100, SRX210, SRX240, SRX650, J4350, and J6350 devices.

When you configure extended authentication (XAuth), you must enter the username

and password, after the Internet Key Exchange (IKE) phase 1 security association (SA)

is established. AUTHD verifies the credentials received from you.

113

Table of Contents

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6

This manual is also suitable for:

Junos os 10.4

Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6 Release Note page 113

Related Manuals for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6

This manual is also suitable for:

Table of Contents