CHAPTER 11
Configuring VPNs
Copyright © 2010, Juniper Networks, Inc.
VPNs route private data through the public Internet. Like normal Internet traffic, data in a
VPN is routed from source to destination using public Internet networking equipment.
Unlike normal traffic, however, the source and destination use a Security Association
(SA) pair to create a secure, private tunnel through which the data traverses the Internet.
A tunnel has a defined start point and end point (usually an IP address), and is a private
connection through which the data can move freely. By encrypting and authenticating
the data while in the tunnel, you can ensure the security and integrity of the data.
VPNs can also connect widely distributed networks to make separate networks appear
as a single wide area network (WAN). VPNs replace costly Point-to-Point Protocol (PPP)
and Frame Relay connections that require dedicated lines (and sometimes even satellites)
between your private networks.
This chapter discusses the concepts involved in creating secure tunnels between devices,
details the differences between VPN types, helps you determine the best VPN for your
network, and guides you through creating and configuring your chosen VPN.
NOTE: For step-by-step instructions on creating VPNs, see the NSM Online Help topic
"VPNs".
About VPNs
Planning for Your VPN
Preparing VPN Components
Creating VPNs with VPN Manager
VPN Manager Examples
Creating Device-Level VPNs
Device-Level VPN Examples
Auto-Connect Virtual Private Network
IVE VPN Monitoring