Table of Contents
Advertisement
Network and Security Manager Administration Guide
608
Properties
Enter the following values:
VPN name—Enter a name for the VPN.
Remote Gateway—Select the gateway for the VPN.
Idle Time to Disable SA—Configure the number of minutes before a session that has
no traffic automatically disables the SA.
Replay Protection—In a replay attack, an attacker intercepts a series of legitimate
packets and uses them to create a denial-of-service (DoS) against the packet
destination or to gain entry to trusted networks. If replay protection is enabled, your
security devices inspect every IPSec packet to see if the packet has been received
before—if packets arrive outside a specified sequence range, the security device rejects
them.
IPSec Mode—Configure the mode:
Use tunnel mode for IPSec. Before an IP packet enters the VPN tunnel, NSM
encapsulates the packet in the payload of another IP packet and attaches a new IP
header. This new IP packet can be authenticated, encrypted, or both.
Use transport mode for L2TP-over-IPSec. NSM does not encapsulate the IP packet,
meaning that the original IP header must remain in plaintext. However, the original
IP packet can be authenticated, and the payload can be encrypted.
Do not set Fragment Bit in the Outer Header—The Fragment Bit controls how the IP
packet is fragmented when traveling across networks.
Clear. Use this option to enable IP packets to be fragmented.
Set. Use this option to ensure that IP packets are not fragmented.
Copy. Select to use the same option as specified in the internal IP header of the
original packet.
Security
For Phase 2 negotiations, select a proposal or proposal set. You can select from predefined
or user-defined proposals:
To use a predefined proposal set, select one of the following:
Basic (nopfs-esp-des-sha, nopfs-esp-des-md5)
Compatible (nopfs-esp-3des-sha, nopfs-esp-3des-md5, nopfs-esp-des-sha,
nopfs-esp-des-md5)
Standard (gs-esp-3des-sha, gs-esp-aes128-sha)
To use a user-defined proposal, select a single proposal from the list of predefined
and custom IKE Phase 2 Proposals.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008