How to configure a Policy for a VPN
Knowledge Base ID: KB4130
Version: 5.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: Firewall/IPSec_VPN, IPSec, ScreenOS

Synopsis:
This article describes how to configure a policy for the local site of a site-to-site, policy-based VPN.

Solution:

To configure a policy for the local site, perform the following steps:

Step one: Open the WebUI. For more information on accessing the WebUI, consult: KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI

Step two: From the Juniper firewall menu, click Policies.

Step three: From the Policies page, in the From drop-down menu, click to select Trust, and in the To drop-down menu, click to select Untrust.

Step four: Click New.

Step five: From Source Address, in the New Address text box, enter the local network address.

Note: In this example, we entered 192.168.1.0/24.

Step six: From Destination Address, in the New Address text box, enter the remote network address.

Note: In this example, we entered 10.1.1.0/24.

Step seven: From the Action drop-down menu, click to select Tunnel.

Step eight: From the Tunnel drop-down menu, click to choose the VPN tunnel.

Note: For this example, we selected vpntunnel1.

Step nine: Click to select Modify matching bidirectional VPN policy.

Step ten: Click to select Position at Top.

Step eleven: Click OK.
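
The following Python sketch is an added example, not part of the original article or of Juniper's tooling. It audits exported policy lines for the two things steps nine and ten set up: a matching reverse tunnel policy, and a position above any broader non-tunnel policy in the same zone direction. The `set policy` line layout, the sample configurations, the function names, and the idea that file order equals evaluation order are assumptions; the addresses and tunnel name are the article's example values.

```python
import shlex

# Constructed samples modeled on ScreenOS-style "set policy" lines (assumed layout).
GOOD_CONFIG = '''
set policy id 1 from "Trust" to "Untrust" "192.168.1.0/24" "10.1.1.0/24" "ANY" tunnel vpn "vpntunnel1"
set policy id 2 from "Untrust" to "Trust" "10.1.1.0/24" "192.168.1.0/24" "ANY" tunnel vpn "vpntunnel1"
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
'''
BAD_CONFIG = '''
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 1 from "Trust" to "Untrust" "192.168.1.0/24" "10.1.1.0/24" "ANY" tunnel vpn "vpntunnel1"
'''

def parse_policies(config):
    """Return one dict per policy line, in file order (assumed to be evaluation order)."""
    policies = []
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:3] != ["set", "policy", "id"] or "from" not in tok:
            continue
        f = tok.index("from")
        if len(tok) < f + 8 or tok[f + 2] != "to":
            continue
        policies.append({
            "id": tok[3], "from": tok[f + 1], "to": tok[f + 3],
            "src": tok[f + 4], "dst": tok[f + 5], "service": tok[f + 6],
            "action": tok[f + 7],
            "vpn": tok[tok.index("vpn") + 1] if "vpn" in tok else None,
        })
    return policies

def covers(broad, narrow):
    """True if an address or service entry is 'Any' or identical to the narrower one."""
    return broad.lower() == "any" or broad == narrow

def audit(policies):
    """Flag tunnel policies that lack a reverse pair or sit below a broader rule."""
    findings = []
    for i, p in enumerate(policies):
        if p["action"] != "tunnel":
            continue
        mirror = (p["to"], p["from"], p["dst"], p["src"], p["vpn"])
        if not any(q["action"] == "tunnel" and mirror ==
                   (q["from"], q["to"], q["src"], q["dst"], q["vpn"]) for q in policies):
            findings.append((p["id"], "no reverse tunnel policy"))
        for q in policies[:i]:  # rules evaluated before this one
            if (q["action"] != "tunnel" and (q["from"], q["to"]) == (p["from"], p["to"])
                    and all(covers(q[k], p[k]) for k in ("src", "dst", "service"))):
                findings.append((p["id"], "shadowed by policy " + q["id"]))
    return findings
```

An empty result from `audit(parse_policies(...))` means every tunnel policy has its reverse pair and no earlier non-tunnel rule matches the same traffic first.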


Purpose:
Troubleshooting