Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual page 115

Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
Table 28: IPsec Routing Policies Configuration Details (continued)
Option
Always use UDP
Encapsulation
Always use a virtual
adapter
Persistent Tunnel Mode
Applies to roles
Configuring Infranet Controller IP Address Pool Policies (NSM Procedure) on page 98
Configuring Infranet Enforcer Resource Access Policies (NSM Procedure) on page 93
Chapter 10: Configuring Infranet Enforcer Policies
Function
Allows the Odyssey Access
Client and the Infranet
Enforcer to create an IPsec
tunnel inside a third-party
IPsec tunnel by using UDP
encapsulation even if a
NAT device is not present.
Forces the use of a virtual
adapter on the endpoint. If
you select this option, you
must also set up IP address
pools even if a NAT device
is not present.
Allows you to determine
whether or not a tunnel is
established when a user
first connects to the
Infranet Controller. If the
check box is selected, an
IPsec tunnel is established,
and users can access
protected resources behind
the Infranet Enforcer. If the
check box is not selected,
the tunnel is not
automatically set up: a
tunnel will not be initiated
until there is a request for
traffic.
Specifies the policies that
apply to the roles.
Your Action
Select this check box.
Select this check box.
Select this check box.
Select Policy applies to ALL roles
to apply this Infranet Controller
IPsec routing policy to all users.
Select Policy applies to SELECTED
roles to apply this Infranet
Controller IPsec routing policy only
to users who are mapped to roles
in the Selected roles list.
Select Policy applies to roles
OTHER THAN those selected to
apply this Infranet Controller IPsec
routing policy to all users except
those who map to the roles in the
Selected roles list.
NOTE: Select the policies from the
Non-members list and click Add to
move it to the Members list before
applying the policies to the roles.
97