Configure Multiple NetScreen-Remote VPN Clients using the same IKE ID

Article ID: KB4772 KB Last Updated: 28 Jun 2010 Version: 5.0
Summary:
How do I create Multiple Dial Up VPN Users using the Same IKE ID?
Symptoms:

Solution:
This configuration example uses the Shared IKE ID feature. This feature allows you to deploy and manage a large-scale distribution of NetScreen-Remote VPN Clients with minimal configuration on both the Juniper firewall and the NetScreen-Remote client. Administrators can deploy a single IKE tunnel ID for the NetScreen-Remote Clients and require each user to authenticate with an individual ID. This saves administration work by:
  • Providing IPSec protection with a common VPN tunnel configuration
  • Eliminating the need to re-deploy a new group user ID, should an employee leave the company

Note: Assume two users, Mike and Joe, are trying to access a server on the trusted side of the Juniper Firewall. The Administrator wants to deploy a single VPN Dial Up User configuration and have each user authenticated individually.

To create a Multiple Dial Up VPN using the same IKE ID, perform the following steps:

Juniper Firewall Side

Step one: Configure an IP Pool for XAuth users. For more information on configuring an IP Pool for XAuth users, go to Configuring an IP Pool for XAuth Users.

Step two: Configure an IKE ID User without XAuth Authentication. For more information on configuring an IKE ID User without XAuth authentication, go to Configuring an IKE ID User without XAuth Authentication.

Step three: Configure XAuth Users with no IKE ID. For more information on configuring XAuth Users with no IKE ID, go to Configuring XAuth Users with no IKE ID.

Step four: Assign the IKE ID User from Step 2 to a new Dial Up User Group. For more information on assigning the IKE ID user to a new dial up user group, go to Assigning the IKE ID User to a New Dial Up User Group for a Multiple Dial Up VPN.

Step five: Configure the global XAuth settings. For more information on configuring global XAuth settings, go to Configuring Global XAuth Settings.

Step six: Configure a Phase 1 Gateway for a Multiple Dial Up VPN. For more information on configuring a Phase 1 Gateway, go to Configuring an IKE Phase 1 Gateway for a Multiple Dial Up VPN.

Step seven: Configure an IKE Phase 2 Proposal for a Multiple Dial Up VPN. For more information on configuring an IKE Phase 2 VPN for a Multiple Dial Up VPN, go to Configuring an IKE Phase 2 Gateway for a Multiple Dial Up VPN.

Step eight: Configure a Dial Up VPN Policy for a Multiple Dial Up VPN. For more information on configuring a Dial Up VPN Policy for a Multiple Dial Up VPN, go to Configuring a Dial Up VPN Policy for a Multiple Dial Up VPN.

NetScreen-Remote VPN Client Side

Configure the NetScreen-Remote client for a Multiple Dial Up VPN. For more information on configuring the NetScreen-Remote client for a Multiple Dial Up VPN, go to Configuring the NetScreen-Remote Client for a Multiple Dial Up VPN.