Table of Contents
Advertisement
Network and Security Manager Administration Guide
Preparing VPN Components
Preparing Basic VPN Components
Preparing Required Policy-Based VPN Components
538
After you have determined how you want to configure your VPN, you can begin preparing
the VPN components necessary to create the VPN. A VPN combines device-level
components (such as devices, zones, and routes) with network-level components
(authentication, users, and NAT) to create a secure system of communication. Before
you can create a VPN, you must first configure the components that comprise the VPN.
Each VPN type has basic, required, and optional components:
"Preparing Basic VPN Components" on page 538
"Preparing Required Policy-Based VPN Components" on page 538
"Configuring Required Routing-Based VPN Components" on page 541
"Configuring Optional VPN Components" on page 543
For mixed-mode VPNs, you must configure all basic and required policy- and route-based
components.
NOTE: For step-by-step instructions on creating VPNs, see the NSM Online Help topic
"VPNs" .
To create any type of VPN, ensure that all security devices you want to use in the VPN
are managed by NSM and configured correctly.
Devices—Add the security devices you want to include in the VPN to NSM, ensuring
that all devices are in the same domain. If you need to add a device to a VPN in a
different domain, you must add the device as an extranet device in the domain that
contains the VPN, then add the extranet device to the VPN.
Zones—Configure each security device with at least two zones (trust and untrust);
each zone must contain at least one interface (physical or virtual).
A policy-based VPN requires several components:
Address objects
Protected resources
NAT objects
User objects
The following sections detail how to configure each component; after you have created
a component, you can use it to create your VPN.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
