Configure Multiple NetScreen-Remote VPN Clients using the same IKE ID (KB ID: KB4772)

Article ID: KB4772
Former Article ID: ns5202
Published: Nov 21, 2007
Last Modified: Nov 21, 2007
Visible By: Employee, PTAC, Partner, Customer, Public

Article URL

http://kb.juniper.net/KB4772

Synopsis

How do I create Multiple Dial Up VPN Users using the Same IKE ID?

Problem

Solution

This configuration example uses a Shared IKE ID. This feature allows you to deploy and manage a large-scale distribution of NetScreen-Remote VPN Clients with minimal configuration on both the Juniper firewall and the NetScreen-Remote client. Administrators can deploy a single IKE tunnel ID for the NetScreen-Remote Clients and require each user to authenticate with an individual ID. This saves administration work by:

  • Providing IPSec protection with a common VPN tunnel configuration
  • Eliminating the need to redeploy a new group user ID should an employee leave the company

Note: Assume two users, Mike and Joe, are trying to access a server on the trusted side of the Juniper Firewall. The Administrator wants to deploy a single VPN Dial Up User configuration and have each user authenticated individually.

To create a Multiple Dial Up VPN using the same IKE ID, perform the following steps:

Juniper Firewall Side

Step one: Configure an IP Pool for XAuth users. For more information on configuring an IP Pool for XAuth users, go to Configuring an IP Pool for XAuth Users.

Step two: Configure an IKE ID User without XAuth Authentication. For more information on configuring an IKE ID User without XAuth authentication, go to Configuring an IKE ID User without XAuth Authentication.

Step three: Configure XAuth Users with no IKE ID. For more information on configuring XAuth Users with no IKE ID, go to Configuring XAuth Users with no IKE ID.

Step four: Assign the IKE ID User from Step 2 to a new Dial Up User Group. For more information on assigning the IKE ID user to a new dial up user group, go to Assigning the IKE ID User to a New Dial Up User Group for a Multiple Dial Up VPN.

Step five: Configure the global XAuth settings. For more information on configuring global XAuth settings, go to Configuring Global XAuth Settings.

Step six: Configure a Phase 1 Gateway for a Multiple Dial Up VPN. For more information on configuring a Phase 1 Gateway, go to Configuring an IKE Phase 1 Gateway for a Multiple Dial Up VPN.

Step seven: Configure an IKE Phase 2 Proposal for a Multiple Dial Up VPN. For more information on configuring an IKE Phase 2 VPN for a Multiple Dial Up VPN, go to Configuring an IKE Phase 2 Gateway for a Multiple Dial Up VPN.

Step eight: Configure a Dial Up VPN Policy for a Multiple Dial Up VPN. For more information on configuring a Dial Up VPN Policy for a Multiple Dial Up VPN, go to Configuring a Dial Up VPN Policy for a Multiple Dial Up VPN.
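
The firewall-side steps above, sketched as ScreenOS CLI in an added example that is not part of the original article. Object names, addresses, the interface, the zone names and the bracketed secrets are assumed placeholders, and the `#` lines are annotations, not commands to paste.

```text
# Constructed example: every name, address and secret below is a placeholder.

# IP pool that XAuth users draw their tunnel addresses from
set ippool "xauth-pool" 10.10.10.1 10.10.10.50

# One IKE user carries the shared IKE ID, with no XAuth on this account.
# share-limit caps how many clients may use the ID at the same time.
set user "shared-ike" ike-id u-fqdn "remote@example.com" share-limit 10

# XAuth users with no IKE ID: these are the per-person credentials
set user "Mike" password "<mike-password>"
set user "Mike" type xauth
set user "Joe" password "<joe-password>"
set user "Joe" type xauth

# Dial Up User Group that holds only the shared IKE ID user
set user-group "dialup-shared" user "shared-ike"

# Global XAuth settings: local user database and the pool defined above
set xauth default auth server "Local"
set xauth default ippool "xauth-pool"

# Phase 1 gateway bound to the dial-up group, with XAuth enabled.
# The preshared key is common to every client; individual identity
# comes only from the XAuth login.
set ike gateway "dialup-gw" dialup "dialup-shared" aggressive outgoing-interface ethernet3 preshare "<preshared-key>" sec-level compatible
set ike gateway "dialup-gw" xauth server "Local"

# Phase 2 VPN on top of the gateway
set vpn "dialup-vpn" gateway "dialup-gw" sec-level compatible

# Dial-up policy toward the server on the trusted side
set address trust "server1" 10.1.1.5/32
set policy top from untrust to trust "Dial-Up VPN" "server1" any tunnel vpn "dialup-vpn"
save

# When a user leaves, only that user's XAuth account is removed;
# the shared IKE ID and the deployed client configuration stay as they are.
# unset user "Joe"
```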

NetScreen-Remote VPN Client Side

Configure the NetScreen-Remote client for a Multiple Dial Up VPN. For more information on configuring the NetScreen-Remote client for a Multiple Dial Up VPN, go to Configuring the NetScreen-Remote Client for a Multiple Dial Up VPN.
