Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] Creating a VPN Group for a Policy-Based VPN Using NSM

0

0

Article ID: KB4911 KB Last Updated: 18 Oct 2020Version: 5.0
Summary:
Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE).  Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.
Creating a VPN Group for a Policy-Based VPN Using NSM
Solution:

To create a VPN group for a policy-based VPN using NSM, perform the following steps:

Step one: Add the devices as listed below. For more information, go to Create a Device in NSM.

  • Two Main Devices
    • Main-Device-1
    • Main-Device-2
  • Three Branch Devices
    • Branch-Device1
    • Branch-Device2
    • Branch-Device3

Note: The following is an example of the five configured devices:

Image of note

Step two: Create Protected Resources for each of the devices. For more information, go to: NetScreen-Security Manager Administrators Guide.

Note: Example of Protected Resource for the Main Devices:

Image of Main Devices example

Note: Example of Protected Resource for Branch-Device1:

Image of Branch Device1 example

Note: Example of Protected Resource for Branch-Device2:

Image of Branch Device2 example

Note: Example of Protected Resource for Branch-Device3:

Image of Branch Device3 example

Step three: In the left pane, expand VPN Manager, and then click to select VPNs.

Image of step three

Step four: In the right pane, click the New button.

Image of step four

Step five: From the New menu, click AutoKey IKE VPN.

Image of step five

Step six: From the AutoKey IKE VPN dialog box, in the Name text box, enter a name for the VPN. Click OK.

Note: In this example, we named the VPN AE_All.

Image of step six

Step seven: From the left pane, expand VPNs, and then click to select the new VPN.

Image of step seven

Step eight: In the right pane, under Policy Based Configuration, click Protected Resource.

Image of step eight

Step nine: From the Protected Resource dialog box, click to select Protected Resource.

Note: After clicking Protected Resource, the other boxes will populate as well.

Image of step nine and ten

Step ten: Click OK.

Step eleven: In the right pane, under General Configuration, click Topology.

Image of step eleven

Step twelve: From the New Topology dialog box, under Mains, click to select the main devices. Under Branches, click to select the branch devices.

Image of step twelve and thirteen

Step thirteen: Click OK.

Step fourteen: From the Topology dialog box, click OK.

Image of step fourteen

Step fifteen: In the right pane, click Gateway Parameters.

Image of step fifteen

Step sixteen: From the AutoKey IKE VPN dialog box, enter values for Hello Interval (sec), Reconnect, and Threshold.

Image of step sixteen and seventeen

Step seventeen: Click OK.

Step eighteen: Click Save.

Image of step eighteen

Step nineteen: In the left pane, expand Device Manager, and then click to select FW/VPN Devices.

Image of step nineteen

Step twenty: From the FW/VPN Device Tree tab, right-click the device you want to edit, and then click Edit.

Image of step twenty

Step twenty-one: In the left pane, expand VPN Settings, and then click to select Gateway.

Image of step twenty-one

Step twenty-two: In the right pane, identify the VPN Gateway Name associated with both the devices.

Note: In this example, the names are as follows:

  • vpn-0@AE_All : Main-Device-1
  • vpn-4@AE_All : Main-Device-2

Image of step twenty-two

Step twenty-three: Click OK.

Image of step twenty-three

Step twenty-four: In the left pane, click to select AE_All.

Image of step twenty-four

Step twenty-five: In the right pane, click Device Configuration.

Image of step twenty-five

Step twenty-six: From the AutoKey IKE VPN dialog box, in the left pane, expand Branch-Device1, and then click to select VPN Group.

Image of step twenty-six

Step twenty-seven: In the right pane, click to select the VPN group, and then click the Edit button.

Image of step twenty-seven

Step twenty-eight: From the 1-VPN Group dialog box, edit the details as required.

Image of step twenty-eight and twenty-nine

Step twenty-nine: Click OK.

Step thirty: Click Save.

Image of step thirty

Step thirty-one: In the right pane, right-click Branch-Device1, and then click to select Update Device.

Image of step thirty-one

Step thirty-two: Step 26 through Step 31 for all branch devices.

Modification History:
2020-10-18: Tagged article for EOL/EOE.
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search