Table of Contents
Advertisement
Auto-Connect Virtual Private Network
Copyright © 2010, Juniper Networks, Inc.
For Wins2, enter 0.0.0.0.
Configure the IP Pool object. Configure the following, then click OK:
For IP Pool Name, enter Global.
For Color, select magenta.
For Start IP, enter 10.10.2.100.
For End IP, enter 10.10.2.180.
Configure the L2TP Tunnel
In Device Manager, double-click the device icon for the device on which you want to
1.
configure the L2TP tunnel.
In the device navigation tree, select VPN Settings > L2TP. In the main display area,
2.
click the Add icon. The null-L2TP tunnel dialog box appears.
Configure the following, then click OK:
3.
For Name, enter Sales_Corp.
For Outgoing Interface, select ethernet3.
For Keep Alive, enter 60.
For Peer IP, enter 0.0.0.0 (because the peer's ISP dynamically assigns it an IP
address, enter 0.0.0.0 here).
Select Use Custom Settings, and leave the default authentication server as Local.
For User/Group, select Dialup Group, then select Field Sales.
Click OK to save your changes to the device.
4.
Configure a rule in the Zone Rulebase of a security policy.
5.
Hub-and-spoke configurations are deployed in large enterprises. Each branch site (spoke)
is connected to a central site (hub). The communication between spoke sites must go
through the hub, which does not scale as the number of spoke sites increases.
Using the auto-connect virtual private network (ACVPN) feature in devices running
ScreenOS 6.0 and later, you can configure your hub-and-spoke network so that spokes
dynamically create VPN tunnels between each other as needed. The dynamic tunnels
time out when traffic ceases to flow through them, freeing network administrators from
the time-consuming task of maintaining a complex network of static VPN tunnels.
With ACVPN, all spokes are connected to the hub by VPN tunnels. All VPN tunnels
configured towards the hub must be route based. After you set up a static VPN tunnel
Chapter 12: Configuring VPNs
625
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 and is the answer not in the manual?