Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual page 13
Configuring screenos devices guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01:
- Manual (340 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
Chapter 8
Copyright © 2010, Juniper Networks, Inc.
Defining VPN Members and Topology Using NSM . . . . . . . . . . . . . . . . . . . . . . . . 200
Traffic Protection Using Tunneling Protocol in NSM Overview . . . . . . . . . . . . . . 202
Traffic Protection Using IPsec Tunneling Protocol Overview . . . . . . . . . . . . . . . . 203
Using Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Using Encapsulating Security Payload (ESP) . . . . . . . . . . . . . . . . . . . . . . . . 203
Traffic Protection Using L2TP Tunneling Protocol Overview . . . . . . . . . . . . . . . . 205
VPN Tunnel Types Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
About Policy-Based VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
About Route-Based VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Defining VPN Checklist Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Defining Members and Topology in NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Defining Traffic Types for Data Protection in NSM . . . . . . . . . . . . . . . . . . . . . . . . 207
Defining VPN Traffic Using Security Protocols in NSM . . . . . . . . . . . . . . . . . . . . . 208
Defining Tunnel Creation Methods in NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Using VPN Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Creating Device-Level VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Preparing Basic VPN Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Preparing Required Policy-Based VPN Components Overview . . . . . . . . . . . . . . . 211
Policy-Based VPN Creation Using Address Objects and Protected Resources
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Configuring Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Configuring Protected Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Policy-Based VPN Creation Using Shared NAT Objects Overview . . . . . . . . . . . . 212
Authenticating RAS Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Configuring Group IKE IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Configuring Required Routing-Based VPN Components Overview . . . . . . . . . . . 215
Routing-Based VPN Support Using Tunnel Interfaces and Tunnel Zones
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Preparing Optional VPN Components Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Optional VPN Support Using Authentication Servers Overview . . . . . . . . . . . . . . 217
Optional VPN Support Using Certificate Objects Overview . . . . . . . . . . . . . . . . . 217
Configuring Local Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Configuring CA Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Configuring CRL Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Configuring VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Device Level VPN Types and Supported Configurations Overview . . . . . . . . . . . . 221
Device Level AutoKey IKE VPN: Using Gateway Configuration Overview . . . . . . . 221
ScreenOS Devices Gateway Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
ScreenOS Devices IKE IDs or XAuth Identification Number . . . . . . . . . . . . . 224
Security Methods for ScreenOS Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Device Level AutoKey IKE VPN: Using Routes Configuration Overview . . . . . . . . 227
Device-Level AutoKey IKE VPN: Using VPN Configuration Overview . . . . . . . . . . 227
Device-Level AutoKey IKE VPN Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
ScreenOS Security Measures Using VPN Configuration . . . . . . . . . . . . . . . . 228
Binding/ProxyID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Table of Contents
xiii
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 and is the answer not in the manual?
Questions and answers