Table of Contents
Advertisement
Network and Security Manager Administration Guide
Example: Configuring a Policy-Based RAS VPN, L2TP
614
Create the Paris VPN
In the device navigation tree, select VPN Settings > AutoKey IKE/Manual VPN.
1.
Select the Manual tab, then click the Add icon. The Properties screen appears.
2.
Configure the following:
3.
For Name, enter Paris_Tokyo.
For Gateway, enter 2.2.2.2.
For Local SP, enter 3020.
For Remote SPI, enter 3030.
For Outgoing Interface, select ethernet3.
For ESP/AH, select ESP CBC.
For Encryption Algorithm, select 3DES-CBC, then select Generate Key by Password
and enter the password asdlk24234.
For Authentication Algorithm, select SHA-1, then select Generate Key by Password
and enter the password PNas134a.
Select the Binding tab. Enable Tunnel Zone and select untrust-tun.
4.
Click OK to save the new VPN.
5.
Create Paris Routes.
6.
Create the security policy
In the main navigation tree, select Policies. Click the Add icon to display the new
1.
Security Policy dialog box.
Configure the following, then click OK:
2.
For Security Policy Name, enter Corporate Policy-Based VPN.
Optionally, enter comments.
In the main navigation tree, select Policies > Corporate Policy-Based VPN. The
3.
security policy appears in the main display area. Configure two VPN rules.
Rule 1 creates the VPN tunnel from the Tokyo device to the Paris device.
Rule 2 creates the VPN tunnel from the Paris device to the Tokyo device.
Save the security policy.
4.
In this example, you create a RAS user group called Field Sales and configure an L2TP
tunnel called Sales_Corp, using ethernet3 (Untrust zone) as the outgoing interface for
the L2TP tunnel. The security device applies the default L2TP tunnel settings to the RAS
user group.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
