Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 612

Network and Security Manager Administration Guide
Dial Backup. When enabled, VPN Manager displays the dial backup option for
route-based components (dial backup is supported only on NetScreen-5GT
devices running ScreenOS 5.1 and later).
3. Click OK to save the VPN and return to VPN Manager.
Configuring Members
The second step in configuring your VPN is to add members to the VPN. Depending on
the type of VPN you are creating, you can add protected resources, security devices,
and/or RAS users as VPN members.
Adding Policy-Based Members
In the policy-based configuration area, you can add protected resources to the VPN. Click
the Protected Resources link and select the predefined Protected Resources you want to
include in the VPN.
After you have added the protected resources, you can configure NAT and/or L2TP
settings on the security device that protects each resource:
For L2TP RAS VPNs and L2TP over AutoKey IKE VPN protected resources, you must
configure L2TP settings.
For all protected resources, you can configure policy-based NAT. Use policy-based
NAT to translate private source IP addresses to Internet-routeable IP addresses.
Configuring NAT is optional; if you do not use NAT on your network, you do not need
to configure NAT for the VPN.
The following sections detail how to configure NAT and L2TP.
Configuring NAT
Below the Protected Resources window, select NAT to display the protecting security
devices for each protected resource. Select the device for which you want to configure
NAT. Enable NAT and specify the following values (you cannot edit the name of the
device or the zone that contains the protected resource).
Configure Incoming DIP—You can enable the security device to use a Dynamic IP pool
for incoming VPN traffic. For each incoming VPN packet, the device translates the
destination address into an IP address that is selected from the DIP pool.
Interface for Incoming DIP. Select the interface that receives traffic addressed to
Dynamic IP addresses.
Incoming Global DIP. Select the Global DIP object that represents the range of IP
addresses available to the security device. (This DIP pool must include IP addresses
that are routeable on your internal network.)
For details on configuring DIP objects.
Configure Tunnel Interface and Zone—You can bind the VPN tunnel to a tunnel interface
or tunnel zone to increase the number of available interfaces in the security device.
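A pre-deployment check for the Incoming Global DIP requirement above, as an added example that is not part of the Juniper guide: it reports any part of a DIP range that no internal route covers. The function names, the route list, and the addresses are assumptions constructed for illustration; the script does not talk to NSM or to a device.

```python
import ipaddress


def _uncovered(block, routes):
    """Return the pieces of one CIDR block that no route covers."""
    if any(block.subnet_of(r) for r in routes):
        return []
    remaining = [block]
    for r in routes:
        if not r.subnet_of(block):
            continue  # route is disjoint from this block
        nxt = []
        for piece in remaining:
            if r.subnet_of(piece):
                nxt.extend(piece.address_exclude(r))  # carve the route out
            else:
                nxt.append(piece)
        remaining = nxt
    return remaining


def dip_pool_gaps(pool_start, pool_end, internal_routes):
    """List the CIDR blocks of the DIP range that are not internally routable.

    pool_start / pool_end: first and last address of the DIP range.
    internal_routes: prefixes known to be routed on the internal network
    (hypothetical input, e.g. exported from the routing table).
    """
    first = ipaddress.ip_address(pool_start)
    last = ipaddress.ip_address(pool_end)
    if first.version != last.version or first > last:
        raise ValueError("DIP range must be ordered and of one IP version")
    nets = [ipaddress.ip_network(r) for r in internal_routes]
    # Merge adjacent prefixes so a range spanning two routes still counts.
    routes = list(ipaddress.collapse_addresses(
        n for n in nets if n.version == first.version))
    gaps = []
    for block in ipaddress.summarize_address_range(first, last):
        gaps.extend(_uncovered(block, routes))
    return [str(g) for g in ipaddress.collapse_addresses(gaps)]


if __name__ == "__main__":
    # Constructed sample: the last pool address falls outside both routes.
    routes = ["10.1.5.0/27", "10.1.5.32/29", "192.168.0.0/16"]
    print(dip_pool_gaps("10.1.5.10", "10.1.5.40", routes))
```

An empty list means every address in the pool is covered by an internal route; any returned block is a part of the pool that the internal network cannot route.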
Copyright © 2010, Juniper Networks, Inc.
