Preparing Basic Vpn Components - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual
Configuring screenos devices guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01:
- Manual (340 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
Configuring ScreenOS Devices Guide
Related
Documentation
Preparing Basic VPN Components
Related
Documentation
210
Preparing Basic VPN Components on page 210
Preparing Required Policy-Based VPN Components Overview on page 211
Defining VPN Traffic Using Security Protocols in NSM on page 208
After you have determines how you want to configure your VPN, you can begin preparing
the VPN components necessary to create the VPN. A VPN combines device-level
components (such as devices, zones, and routes) with network-level components
(authentication, users, and NAT) to create a secure system of communication. Before
you can create a VPN, you must first configure the components that comprise the VPN.
Each VPN type has basic, required, and optional components:
Preparing basic VPN components
Preparing required policy based VPN components
Configuring required routing based VPN components
Configuring optional VPN components
For mixed-mode VPNs, you must configure all basic and required policy- and route-based
components.
NOTE: For step-by-step instructions on creating VPNs, see the Network and
Security Manager Online Help.
To create any type of VPN, ensure that all security devices you want to use in the VPN
are managed by NSM and configured correctly.
Devices—Add the security devices you want to include in the VPN to NSM, ensuring
that all devices are in the same domain. If you need to add a device to a VPN in a
different domain, you must add the device as an extranet device in the domain that
contains the VPN, and then add the extranet device to the VPN. Domain selection is
critical when using VPNs. You can create VPNs only between devices within the same
domain. If you need to add a device to a VPN in a different domain, add the device as
an extranet device in the domain that contains the VPN, and then add the extranet
device to the VPN.
Zones—Configure each security device with at least two zones (trust and untrust);
each zone must contain at least one interface (physical or virtual). For details on
creating and configuring zones and interfaces, see "Configuring Zones and Zone
Properties in ScreenOS Devices Overview" on page 39.
Preparing Required Policy-Based VPN Components Overview on page 211
Policy-Based VPN Creation Using Address Objects and Protected Resources Overview
on page 211
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
