Table 38: Configuring Network Connect Connection Profile Details (continued)
Option: Encryption
Your Action: Specify the encryption method by choosing one of the following:
- AES128/MD5 (maximize performance): This option instructs the device to employ Advanced Encryption Standard (AES) 128-bit encryption on the data channel and the MD5 authentication method for Network Connect sessions.
- AES128/SHA1: This option instructs the device to employ AES 128-bit encryption on the data channel and the SHA1 authentication method during Network Connect sessions.
- AES256/MD5: This option instructs the device to employ AES 256-bit encryption on the data channel and the MD5 authentication method for Network Connect sessions.
- AES256/SHA1 (maximize security): This option instructs the device to employ AES 256-bit encryption on the data channel and the SHA1 authentication method during Network Connect sessions.

Option: Compression
Your Action: Select No Compression from the drop-down list if you do not want to employ compression for the secure connection.

Option: Applies to roles
Your Action: Select Selected from the drop-down list if you want to select roles for the connection profile. Upon selection, the Role Selections tab is enabled.

IP Allocation tab

Option: IP Address Assignment
Your Action: Specify the method of client-side IP address assignment. Select one of the following options from the drop-down list:
- DHCP server: This option allows you to specify the hostname or IP address of a network Dynamic Host Configuration Protocol (DHCP) server responsible for handling client-side IP address assignment.
  By default, the client's hostname is sent by the device to the DHCP server in the DHCP hostname option (option 12). Passing the user ID in the DHCP hostname option is no longer supported. As an alternative, you can configure the following entry in the DHCP options table:
  option number=12, option value=<username><authmethod>, option type=String.
  Or you can pass a value by adding an entry in the DHCP options table for hostname with whatever value you want. For example:
  option number=12, option value=foo, option type=String.
  NOTE: The Secure Access device does not send a DHCP release to the DHCP server after the Network Connect session terminates.
- IP Pool: This option allows you to specify IP addresses or a range of IP addresses for the device to assign to clients that run the Network Connect service. Use the canonical format: ip_range.
  IP address pool also supports attribute substitution. For example, you can enter a RADIUS role-mapping attribute in this field, such as <userAttr.Framed-IP-Address>.

DNS tab

Option: Custom DNS settings
Your Action: Select this option to enable the DNS setting options. When you select this option, the DNS settings box is enabled.

Copyright © 2010, Juniper Networks, Inc.
Chapter 10: Configuring Secure Access Resource Policies