Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 613


Copyright © 2010, Juniper Networks, Inc.

NOTE: If the security device is running ScreenOS 5.x and configured in transparent
mode, you can only configure the zone (the interface does not appear).

To use a tunnel interface and/or tunnel zone in your VPN, you must first create the
tunnel interface or zone on the device; for details, see "Configuring Tunnel Interfaces
and Tunnel Zones" on page 558 and the Network and Security Manager Configuring
ScreenOS and IDP Devices Guide.

Tunnel Zone. Select a preconfigured tunnel zone on the security devices to bind the
VPN tunnel directly to the tunnel zone. The tunnel zone must include one or more
numbered tunnel interfaces; when the security devices route VPN traffic to the tunnel
zone, the traffic uses one or more of the tunnel interfaces to reach the protected
resources.

Tunnel Interface. Select a preconfigured tunnel interface on the security devices to
bind the VPN tunnel to the tunnel interface. The security devices route all VPN traffic
through the tunnel interface to the protected resources.

Configure MIP, VIP, and Outgoing DIP

Enable MIP. Enable MIP to use a mapped IP address for the interface.

Global MIP. Select the global MIP object that represents the mapped IP address you
want to use for the interface.

Global VIP. Select the global VIP object that represents the virtual IP address you
want to use for the interface.

Global DIP (Outgoing). You can enable the security device to use a Dynamic IP pool
for outgoing VPN traffic. For each outgoing VPN packet, the device translates the
source address into an IP address selected from the DIP pool. Select the Global DIP
object that represents the range of IP addresses available to the security device. (This
DIP pool must include IP addresses that are routable on the Internet.)

Configuring L2TP

For L2TP RAS VPNs and L2TP over AutoKey IKE VPN protected resources, you must
configure L2TP settings.

To connect to an L2TP VPN tunnel, the L2TP RAS user uses the IP address and WINS/DNS
information assigned by the user's ISP. However, when the L2TP RAS user sends VPN
traffic through the tunnel, the security device assigns a new IP address and WINS/DNS
information that enables the traffic to reach the destination network.

Below the Protected Resources pane, select L2TP/NAT to display the protecting security
devices for each protected resource. (If you are configuring an AutoKey IKE VPN or
AutoKey IKE RAS VPN, this option does not appear.) Select the device for which you
want to configure L2TP. In the L2TP tab, specify the following values (you cannot edit
the name of the device).

Chapter 12: Configuring VPNs