Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 647

Copyright © 2010, Juniper Networks, Inc.
Default Server—Use the default XAuthentication server for the device. To change or
assign a default XAuthentication server, edit the VPN settings
> Defaults > Xauth settings.
XAuth Server—Use to specify the authentication server that assigns TCP/IP settings
to the remote gateway.
XAuth Server Name. Select a preconfigured authentication server object. For details
on creating authentication server objects.
Allowed Authentication Type. Select generic or Challenge Handshake Authentication
Protocol (CHAP) (password is sent in the clear) to authenticate the remote gateway.
Query Remote Setting. Enable this option to query the remote settings object for
DNS and WINS information.
Users and Groups. To authenticate XAuth RAS users using the authentication server,
enable User or User Group and select a preconfigured user object.
XAuth Client—Use when the remote gateway is a RAS user that you want to
authenticate.
Allowed Authentication Type. Select Any or Challenge Handshake Authentication
Protocol (CHAP) for authentication (password is sent in the clear).
User Name and Password. Enter the user name and password that the RAS user
must provide for authentication.
NOTE: All passwords handled by NSM are case-sensitive.
Bypass Authentication—Use to permit VPN traffic from this VPN member to pass
unauthenticated by the Auth server.
Security
Select the authentication method you want to use in the VPN:
Preshared Key—Use if your VPN includes security devices and/or RAS users. VPN nodes
use the preshared key during Phase 1 negotiations to authenticate each other; because
each node knows the key in advance, negotiations use fewer messages and are quicker.
To generate a random key, enter a value for the seed, then click Generate Key. NSM
uses the seed value to generate a random key, which is used to authenticate VPN
members.
NOTE: Using a random key can generate a value in excess of 255 characters, which
exceeds ScreenOS limits and might not be accepted by the security device during
update. To reduce the key size, shorten the autogenerated key value by deleting
characters.
To use a predefined value for the key, enter a value for the Preshared Key.
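The length limit in the NOTE above can be checked before a key is entered as a predefined value. The following is an added example, not part of the Juniper guide and not NSM code: it generates a key with the operating system's random source and reports problems with a candidate key. The 255-character limit comes from the NOTE; the allowed character set and the 128-bit floor are assumptions for illustration.

```python
import math
import secrets
import string

SCREENOS_PSK_MAX = 255  # limit stated in the NOTE above
MIN_BITS = 128          # assumed policy floor, not a value from the guide
# Assumption: keys are limited to printable ASCII without whitespace.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALLOWED = set("".join(CLASSES))


def generate_psk(length=64):
    """Return a random alphanumeric key of `length` characters (OS CSPRNG)."""
    if not 1 <= length <= SCREENOS_PSK_MAX:
        raise ValueError("length must be 1..%d" % SCREENOS_PSK_MAX)
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def estimate_bits(key):
    """Upper-bound strength estimate: length * log2(size of classes used).

    This overestimates human-chosen keys; it is only a coarse floor check.
    """
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in key))
    return len(key) * math.log2(pool) if pool else 0.0


def check_psk(key):
    """Return a list of problems; an empty list means the key passes."""
    problems = []
    if len(key) > SCREENOS_PSK_MAX:
        problems.append("too long: %d > %d" % (len(key), SCREENOS_PSK_MAX))
    bad = sorted(set(key) - ALLOWED)
    if bad:
        problems.append("disallowed characters: %r" % bad)
    if estimate_bits(key) < MIN_BITS:
        problems.append("estimated strength below %d bits" % MIN_BITS)
    return problems


if __name__ == "__main__":
    key = generate_psk()
    print(len(key), check_psk(key))
    # Constructed over-length sample: 256 characters, one past the limit.
    print(check_psk(generate_psk(255) + "x"))
```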
Chapter 12: Configuring VPNs