Configuring ScreenOS Devices Guide
For Name, enter Paris_Tokyo.
For Gateway, enter 2.2.2.2.
For Local SPI, enter 3020.
For Remote SPI, enter 3030.
For Outgoing Interface, select ethernet3.
For ESP/AH, select ESP CBC.
For Encryption Algorithm, select 3DES-CBC, and then select Generate Key by
Password and enter the password asdlk24234.
For Authentication Algorithm, select SHA-1, and then select Generate Key by
Password and enter the password PNas134a.
19. Select the Binding tab. Select Tunnel Interface, and then select tunnel.1.
20. In the device navigation tree, select Network > Virtual Router to display the list of virtual routers on the device.
21. Click OK to save the new VPN.
22. Create Paris routes.
23. Double-click the trust-vr route to open the vr for editing.
24. In the virtual router dialog box, click Routing Table, and then click the Add icon under destination-based routing table to add a new static route.
NOTE: ScreenOS 5.0.x or later devices display both destination-based
and source-based routing tables; ScreenOS 5.1 and later devices display
destination-based, source-based, and source interface-based routing
tables.
25. Configure a route from the untrust interface to the gateway, and then click OK.
26. Configure a route from the trust zone to the tunnel interface, and then click OK.
27. Click OK to save your changes to the virtual router, and then click OK to save your changes to the Paris device.
28. Create the security policy:
In the main navigation tree, select Security Policies. Click the Add icon to display the New Security Policy dialog box.
29. Configure the following settings, and then click OK:
For Security Policy Name, enter Corporate Route-based VPNs.
Add comments, if desired.
30. In the NSM navigation tree, select Security Policies > Corporate Route-based VPNs. The security policy appears in the display area. Configure the rules.
Copyright © 2010, Juniper Networks, Inc.