L2TP and Xauth Local Users Configuration Overview; Configuring L2TP Local Users (NSM Procedure) - Juniper Network and Security Manager 2010.4 - Configuring ScreenOS Devices Guide Rev 01 Manual

Copyright © 2010, Juniper Networks, Inc.

9. Click OK to save your changes to the device.
10. Configure a rule in the zone rulebase of a security policy.

Related Documentation
- Example: Creating Device Level VPN Type 2 (NSM Procedure) on page 243
- Adding VPN Rules to a Security Policy Overview on page 237

L2TP and Xauth Local Users Configuration Overview

Use the L2TP/XAuth/Local User option to enable the security device to authenticate
local users and/or assign specific IP pools and remote settings. Because user objects are
shared objects, you can configure the same user on multiple devices, but assign different
remote settings and a different IP pool for each device.

You must configure an L2TP or XAuth local user on a security device when:
- You want the device to authenticate the user. Typically, you want to authenticate a
  user who is connecting to the device using a VPN tunnel.
- You want the device to assign specific IP, DNS server, and WINS server addresses to
  a user who is connecting to the device using a VPN tunnel. The remote settings and IP
  pool you assign at the device level override the remote settings and IP pool assigned
  to the VPN.

Related Documentation
- Configuring L2TP Local Users (NSM Procedure) on page 247
- XAuth Users Authentication Overview on page 249
- Adding VPN Rules to a Security Policy Overview on page 237

Configuring L2TP Local Users (NSM Procedure)

The Layer 2 Tunneling Protocol (L2TP) enables a security device to authenticate users
using the local database or an external auth server, and assign specific remote settings
and IP pools.

L2TP enables the security device to authenticate users but does not itself encrypt
traffic; to encrypt an L2TP VPN tunnel, you must apply an encryption scheme, such as
IPsec, to the L2TP tunnel. When configuring an L2TP-over-IPsec VPN, you are actually
setting up an L2TP tunnel and an IPsec tunnel with the same endpoints, and then linking
the two tunnels together in a security policy rule. VPN Manager automatically generates
the required rules; if you are creating the L2TP-over-IPsec VPN at the device level, you
must configure the rules manually. For more information about L2TP VPNs, see "Device
Level L2TP VPN: Using L2TP Users Configuration Overview" on page 235.
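
Because device-level rules are written by hand, a rule can end up referencing an L2TP tunnel without the IPsec tunnel it should be linked to. The following added example (not from the Juniper manual) scans policy lines and reports such rules; it assumes the device configuration uses the ScreenOS CLI form `set policy ... tunnel [vpn <name>] [l2tp <name>]`, and the sample lines and tunnel names are constructed.

```python
import shlex

# Constructed sample policy lines (IDs and tunnel names are made up).
SAMPLE_CONFIG = """\
set policy id 1 from "Untrust" to "Trust" "Dial-Up VPN" "Any" "ANY" tunnel vpn "vpn_dialup" l2tp "l2tp_sales"
set policy id 2 from "Untrust" to "Trust" "Dial-Up VPN" "Any" "ANY" tunnel l2tp "l2tp_legacy"
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 4 from "Untrust" to "Trust" "Dial-Up VPN" "Any" "ANY" tunnel vpn "vpn_site" log
"""


def parse_tunnel_policy(line):
    """Return {'id', 'vpn', 'l2tp'} for a 'set policy ... tunnel' rule, else None."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes: skip rather than guess
        return None
    if tokens[:2] != ["set", "policy"] or "tunnel" not in tokens:
        return None
    rule = {"id": None, "vpn": None, "l2tp": None}
    if len(tokens) > 3 and tokens[2] == "id":
        rule["id"] = tokens[3]
    # Assumed layout: the 'tunnel' action is followed by optional
    # 'vpn <name>' and 'l2tp <name>' pairs, then other options (log, ...).
    # Limitation: an address or service object literally named "tunnel"
    # would be mistaken for the action keyword.
    i = tokens.index("tunnel") + 1
    while i + 1 < len(tokens):
        if tokens[i] in ("vpn", "l2tp"):
            rule[tokens[i]] = tokens[i + 1]
            i += 2  # skip the name so a tunnel called "l2tp" is not a keyword
        else:
            i += 1
    return rule


def find_unencrypted_l2tp(config_text):
    """IDs of rules that reference an L2TP tunnel with no IPsec VPN linked."""
    flagged = []
    for line in config_text.splitlines():
        rule = parse_tunnel_policy(line)
        if rule and rule["l2tp"] and not rule["vpn"]:
            flagged.append(rule["id"])
    return flagged


if __name__ == "__main__":
    for policy_id in find_unencrypted_l2tp(SAMPLE_CONFIG):
        print(f"policy {policy_id}: L2TP tunnel without IPsec, traffic is not encrypted")
```
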
You can also use the device to assign specific IP, DNS server, and WINS server addresses
from the local database or a RADIUS server. When you assign the L2TP user or user group
a remote setting and IP pool at the device level, the settings override the remote settings
and IP pool assigned to the VPN. You can even use different auth servers, one for each
Chapter 8: Configuring VPNs
247
