Figure 93: Configure Security For Autokey Ike Ras Vpn; Example: Configuring An Autokey Ike, Route-Based Site-To-Site Vpn - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Example: Configuring an Autokey IKE, Route-Based Site-to-Site VPN

Copyright © 2010, Juniper Networks, Inc.

Figure 93: Configure Security for AutoKey IKE RAS VPN

d. Click Save to save your configuration changes to the VPN.
To view the autogenerated rules, click the Policy Rules link in the Overrides
section. VPN Manager generates the rules.
Add the VPN Link. You must create a VPN link between the security policy and the
11.
VPN Manager autogenerated rules. You create this link by inserting a VPN link in the
security policy; this links points to the VPN rules that exist in the VPN Manager.
a. In Security Policies, select an existing security policy (or create a new security
policy). Right-click and select Add VPN link.
b. Select the UNIX Remote Access VPN.
c. Click OK to add the link to the policy. By default, the link appears at the top of
the policy, but you can move the VPN link anywhere in the policy, just as you
would a firewall rule.
In this example, an AutoKey IKE VPN tunnel using a preshared key provides a secure
connection between security devices protecting the Tokyo and Paris offices. The Untrust
zone interface for both security devices use a static IP address. All security and tunnel
zones are in the trust-vr. The preshared key is h1p8A24nG5. For the Phase 1 and 2 security
levels, specify the Phase 1 proposal as pre-g2-3des-sha and the Phase 2 proposal as
predefined compatible.
Configure the Tokyo device with the following interfaces:
1.
Ethernet1 is the Trust IP (10.1.1.1/24) in the Trust zone.
Ethernet3 is the Untrust IP (1.1.1.1/24).
Configure the Paris device with the following interfaces:
2.
Chapter 11: Configuring VPNs
569