Binding/Proxyid - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual


Binding/ProxyID

You can bind the VPN tunnel to a tunnel interface or tunnel zone to increase the number of available interfaces in the security device. To use a tunnel interface and/or tunnel zone in your VPN, you must first create the tunnel interface or zone on the device; for details, see "Routing-Based VPN Support Using Tunnel Interfaces and Tunnel Zones Overview" on page 215 and "Configuring a Tunnel Interface" on page 87.

Table 56 on page 229 describes the binding methods in the device.

Table 56: Binding/ProxyID

| Binding Methods | Description |
|---|---|
| None | Select none when you do not want to bind the VPN tunnel to a tunnel interface or zone. |
| Tunnel Interface | Select a preconfigured tunnel interface on the security device to bind the VPN tunnel to the tunnel interface. The security device routes all VPN traffic through the tunnel interface to the protected resources. The user can set DSCP marking as a system for tagging traffic at a position within a hierarchy of priority. |
| Tunnel Zone | Select a preconfigured tunnel zone on the security device to bind the VPN tunnel directly to the tunnel zone. The tunnel zone must include one or more numbered tunnel interfaces; when the security device routes VPN traffic to the tunnel zone, the traffic uses one or more of the tunnel interfaces to reach the protected resources. |
| DSCP Marking | Select an option upon which the ScreenOS device overwrites the first 3 bits in the ToS byte with the IP precedence priority. |
| DSCP Value | Select the DSCP Value. |
| Proxy | Select an option to define a proxy ID through either an IP address or an address name of the local and remote device. IP Address — Select this option to define multiple proxy IDs using an IP address. Upon selecting this option, you must set the new IP format settings. Address Book — Select this option to define multiple proxy IDs using an address book. Upon selecting this option, you must set the new address format settings. Disable — Select this option to disable the proxy parameter settings. |
| Proxy ID Check | Select this option to enable the proxy-ID check on a route-based VPN. From ScreenOS 6.3, proxy ID check supports IPv6. |

Copyright © 2010, Juniper Networks, Inc.
You can also enable proxy and configure the proxy parameters. When multiple tunnels
exist between peers, the security device cannot use the route to direct the traffic through
a particular tunnel. In such cases, the security device uses multiple proxy IDs to direct
the traffic. You can use either an IP address or an address name of the local and remote
device to define a proxy ID.
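
The following Python model is an added illustration, not code from the Juniper guide or from ScreenOS. It shows how proxy IDs can tell apart several tunnels to the same peer and what a proxy-ID check compares on a decrypted packet. The tunnel names, the prefixes, the most-specific tie-break and the exact comparison made by the check are assumptions of this example.

```python
from ipaddress import ip_address, ip_network

# Constructed sample: three tunnels to the same peer gateway, so a route alone
# cannot choose between them. Names and prefixes are hypothetical.
# Each value is the proxy ID as (local network, remote network).
TUNNELS = {
    "vpn-hq-default": (ip_network("10.1.0.0/16"), ip_network("10.2.0.0/16")),
    "vpn-hq-eng": (ip_network("10.1.2.0/24"), ip_network("10.2.2.0/24")),
    "vpn-hq-v6": (ip_network("2001:db8:1::/48"), ip_network("2001:db8:2::/48")),
}


def _covers(net, addr):
    # An IPv4 address never matches an IPv6 proxy ID, and vice versa.
    return addr.version == net.version and addr in net


def select_tunnel(src, dst, tunnels=TUNNELS):
    """Outbound: name of the tunnel whose proxy ID covers src -> dst, or None.

    Assumption of this model: when proxy IDs overlap, the most specific
    (longest combined prefix) wins.
    """
    src, dst = ip_address(src), ip_address(dst)
    matches = [
        (local.prefixlen + remote.prefixlen, name)
        for name, (local, remote) in tunnels.items()
        if _covers(local, src) and _covers(remote, dst)
    ]
    return max(matches)[1] if matches else None


def proxy_id_check(tunnel, inner_src, inner_dst, tunnels=TUNNELS):
    """Inbound: does the decrypted packet fit the proxy ID of its tunnel?

    Traffic arriving from the peer has its source on the remote side and its
    destination on the local side of the proxy ID.
    """
    local, remote = tunnels[tunnel]
    return _covers(remote, ip_address(inner_src)) and _covers(local, ip_address(inner_dst))


if __name__ == "__main__":
    print(select_tunnel("10.1.2.7", "10.2.2.9"))   # most specific proxy ID wins
    print(select_tunnel("10.1.9.1", "10.2.9.1"))   # only the /16 pair matches
    print(proxy_id_check("vpn-hq-eng", "10.2.9.1", "10.1.2.7"))  # outside proxy ID
```

In this model, a packet that arrives on a tunnel but falls outside that tunnel's proxy ID fails the check, which is the case an operator would want logged and dropped.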
Chapter 8: Configuring VPNs
229
