Configuring ScreenOS Devices Guide
System-Level and Device-Level VPN Using NSM Overview
With Network and Security Manager (NSM), you can use basic networking principles and your Juniper Networks security devices to create VPNs that connect your headquarters with your branch offices and your remote users with your protected networks.

NSM supports tunnel and transport modes for AutoKey IKE, Manual Key, L2TP, and L2TP-over-AutoKey IKE VPNs in policy-based or route-based configurations. You can create the VPN at the system level or device level:
System-Level VPN (VPN Manager)—Design a system-level VPN and automatically set up connections, tunnels, and rules for all devices in the VPN.
Device-Level VPN (Device Manager)—Manually configure VPN information for each security device, and then add VPN rules to a security policy to create a policy-based VPN or configure routes on each security device to create a route-based VPN.

NOTE: Each VPN that a device belongs to reduces the maximum number of templates by one. This includes VPNs configured in VPN Manager and VPNs configured at the device level. You can apply a maximum of 63 templates to a single device.

Related Documentation
System-Level VPN with VPN Manager Overview on page 196
Device-Level VPN in Device Manager Overview on page 197
VPN Configuration Supported Overview on page 198

System-Level VPN with VPN Manager Overview
For AutoKey IKE and L2TP VPNs, create the VPN at the system level using VPN Manager. Table 46 on page 196 describes the different VPNs that the VPN Manager supports.

Table 46: VPNs Supported
VPNs | Description
AutoKey IKE VPNs | Used in policy-based or route-based modes. You can also create a Mixed-Mode VPN to connect policy-based VPN members to route-based VPN members in a single VPN.
L2TP-over-AutoKey IKE RAS VPNs and L2TP RAS VPNs | Connect and authenticate multiple L2TP remote access server (RAS) users and protected resources with or without encryption.
Re-usable VPN Components | Create objects to represent your protected resources, CA certificates and CRLs, custom IKE proposals, and NAT configurations, and then use these objects in multiple VPNs.
Copyright © 2010, Juniper Networks, Inc.