Configure Multiple NetScreen-Remote VPN Clients using the same IKE ID

  [KB4772]


Summary:
How do I create Multiple Dial Up VPN Users using the Same IKE ID?
Solution:
This configuration example uses the Shared IKE ID feature. This feature allows you to deploy and manage a large-scale distribution of NetScreen-Remote VPN Clients with minimal configuration on both the Juniper firewall and the NetScreen-Remote client. Administrators can deploy a single IKE tunnel ID for the NetScreen-Remote Clients and require each user to authenticate with an individual ID. This saves administration work by:
  • Providing IPSec protection with a common VPN tunnel configuration
  • Eliminating the need to re-deploy a new group user ID, should an employee leave the company

Note: Assume two users, Mike and Joe, are trying to access a server on the trusted side of the Juniper Firewall. The Administrator wants to deploy a single VPN Dial Up User configuration and have each user authenticated individually.

To create a Multiple Dial Up VPN using the same IKE ID, perform the following steps:

Juniper Firewall Side

Step one: Configure an IP Pool for XAuth users. For more information on configuring an IP Pool for XAuth users, go to Configuring an IP Pool for XAuth Users.

Step two: Configure an IKE ID User without XAuth Authentication. For more information on configuring an IKE ID User without XAuth authentication, go to Configuring an IKE ID User without XAuth Authentication.

Step three: Configure XAuth Users with no IKE ID. For more information on configuring XAuth Users with no IKE ID, go to Configuring XAuth Users with no IKE ID.

Step four: Assign the IKE ID User from Step 2 to a new Dial Up User Group. For more information on assigning the IKE ID user to a new dial up user group, go to Assigning the IKE ID User to a New Dial Up User Group for a Multiple Dial Up VPN.

Step five: Configure the global XAuth settings. For more information on configuring global XAuth settings, go to Configuring Global XAuth Settings.

Step six: Configure a Phase 1 Gateway for a Multiple Dial Up VPN. For more information on configuring a Phase 1 Gateway, go to Configuring an IKE Phase 1 Gateway for a Multiple Dial Up VPN.

Step seven: Configure an IKE Phase 2 Proposal for a Multiple Dial Up VPN. For more information on configuring an IKE Phase 2 VPN for a Multiple Dial Up VPN, go to Configuring an IKE Phase 2 Gateway for a Multiple Dial Up VPN.

Step eight: Configure a Dial Up VPN Policy for a Multiple Dial Up VPN. For more information on configuring a Dial Up VPN Policy for a Multiple Dial Up VPN, go to Configuring a Dial Up VPN Policy for a Multiple Dial Up VPN.
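
The firewall-side steps above, sketched as ScreenOS CLI for the two users in the note (Mike and Joe). This is an added example, not taken from the original article; lines starting with # are annotations and are not CLI input. The pool range, server address, interface ethernet3, zone names, object names, IKE ID string, share-limit value and proposals are assumptions, and the secrets are placeholders.

```screenos
# Added example: every name, address and secret here is a constructed placeholder.

# IP pool for XAuth users
set ippool "xauth-pool" 10.10.10.1 10.10.10.50

# IKE ID user without XAuth; share-limit caps concurrent sessions on this one ID
set user "shared-ike" ike-id u-fqdn "remote@example.com" share-limit 10

# XAuth users with no IKE ID (one account per person)
set user "mike" password "<mike-password>"
set user "mike" type xauth
set user "joe" password "<joe-password>"
set user "joe" type xauth

# Only the shared IKE ID user goes into the dial-up group
set user-group "dialup-grp" user "shared-ike"

# Global XAuth settings: hand out addresses from the pool
set xauth default ippool "xauth-pool"

# Phase 1 gateway: shared ID + preshared key in aggressive mode, then XAuth
# against the local user database for the individual login
set ike gateway "dialup-gw" dialup "dialup-grp" aggressive outgoing-interface "ethernet3" preshare "<preshared-key>" proposal "pre-g2-aes128-sha"
set ike gateway "dialup-gw" xauth server "Local"

# Phase 2 VPN bound to the gateway
set vpn "dialup-vpn" gateway "dialup-gw" proposal "g2-esp-aes128-sha"

# Dial-up VPN policy to the server on the trusted side
set address "Trust" "server" 10.1.1.5/32
set policy from "Untrust" to "Trust" "Dial-Up VPN" "server" "ANY" tunnel vpn "dialup-vpn"

# When a user leaves, removing only that XAuth account (unset user "joe")
# revokes access without redeploying the shared IKE ID to the other clients.
save
```

The NetScreen-Remote client must present the same IKE ID string and preshared key as the gateway, and each person then logs in with their own XAuth user name and password.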

NetScreen-Remote VPN Client Side

Configure the NetScreen-Remote client for a Multiple Dial Up VPN. For more information on configuring the NetScreen-Remote client for a Multiple Dial Up VPN, go to Configuring the NetScreen-Remote Client for a Multiple Dial Up VPN.