Table of Contents
Advertisement
Chapter 12
Copyright © 2010, Juniper Networks, Inc.
VPN Manager Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
Example: Configuring an Autokey IKE RAS, Policy-Based VPN . . . . . . . . . . 566
Creating Device-Level VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
Supported Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
Creating AutoKey IKE VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
IKEv2 and EAP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
Configuring Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 578
Configuring Routes (Route-based only) . . . . . . . . . . . . . . . . . . . . . . . . . 582
Configuring the VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582
Adding a VPN Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
Creating Manual Key VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
Adding XAuth Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Configuring Routes (Route-based only) . . . . . . . . . . . . . . . . . . . . . . . . 586
Configuring the VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Adding a VPN Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588
Creating L2TP VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589
Adding L2TP Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589
Configuring L2TP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589
Adding a VPN Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590
Creating L2TP Over Autokey IKE VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590
Adding VPN Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590
Configuring the VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590
Configuring the Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591
Assign and Install the Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . 591
Device-Level VPN Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591
Example: Configuring a Policy-Based Site-to-Site VPN, Manual Key . . . . . . 597
Example: Configuring a Policy-Based RAS VPN, L2TP . . . . . . . . . . . . . . . . . 598
Auto-Connect Virtual Private Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600
Configuring ACVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600
IVE VPN Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
Central Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 603
Central Manager Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 603
Regional Server and Central Manager Self-Sufficiency . . . . . . . . . . . . . . . . 603
Self-Sufficient Central Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 603
Self-Sufficient Regional Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Super Admin User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Regional Server Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Management Modes for J Series and SRX Series Devices . . . . . . . . . . . . . . 604
Central Management Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Device Management Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Using Central Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Adding a Regional Server Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Deleting a Regional Server Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606
Table of Contents
xxvii
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008