[EOL/EOE] Creating a VPN Group for a Policy-Based VPN Using NSM

To create a VPN group for a policy-based VPN using NSM, perform the following steps:

Step one: Add the devices as listed below. For more information, go to Create a Device in NSM.

Two Main Devices
- Main-Device-1
- Main-Device-2

Three Branch Devices
- Branch-Device1
- Branch-Device2
- Branch-Device3

Note: The following is an example of the five configured devices:

Image of note

Step two: Create Protected Resources for each of the devices. For more information, go to: NetScreen-Security Manager Administrators Guide.

Note: Example of Protected Resource for the Main Devices:

Image of Main Devices example

Note: Example of Protected Resource for Branch-Device1:

Image of Branch Device1 example

Note: Example of Protected Resource for Branch-Device2:

Image of Branch Device2 example

Note: Example of Protected Resource for Branch-Device3:

Image of Branch Device3 example

Step three: In the left pane, expand VPN Manager, and then click to select VPNs.

Image of step three

Step four: In the right pane, click the New button.

Image of step four

Step five: From the New menu, click AutoKey IKE VPN.

Image of step five

Step six: From the AutoKey IKE VPN dialog box, in the Name text box, enter a name for the VPN. Click OK.

Note: In this example, we named the VPN AE_All.

Image of step six

Step seven: From the left pane, expand VPNs, and then click to select the new VPN.

Image of step seven

Step eight: In the right pane, under Policy Based Configuration, click Protected Resource.

Image of step eight

Step nine: From the Protected Resource dialog box, click to select Protected Resource.

Note: After clicking Protected Resource, the other boxes will populate as well.

Image of step nine and ten

Step ten: Click OK.

Step eleven: In the right pane, under General Configuration, click Topology.

Image of step eleven

Step twelve: From the New Topology dialog box, under Mains, click to select the main devices. Under Branches, click to select the branch devices.

Image of step twelve and thirteen

Step thirteen: Click OK.

Step fourteen: From the Topology dialog box, click OK.

Image of step fourteen

Step fifteen: In the right pane, click Gateway Parameters.

Image of step fifteen

Step sixteen: From the AutoKey IKE VPN dialog box, enter values for Hello Interval (sec), Reconnect, and Threshold.

Image of step sixteen and seventeen

Step seventeen: Click OK.

Step eighteen: Click Save.

Image of step eighteen

Step nineteen: In the left pane, expand Device Manager, and then click to select FW/VPN Devices.

Image of step nineteen

Step twenty: From the FW/VPN Device Tree tab, right-click the device you want to edit, and then click Edit.

Image of step twenty

Step twenty-one: In the left pane, expand VPN Settings, and then click to select Gateway.

Image of step twenty-one

Step twenty-two: In the right pane, identify the VPN Gateway Name associated with both the devices.

Note: In this example, the names are as follows:

vpn-0@AE_All : Main-Device-1
vpn-4@AE_All : Main-Device-2

Image of step twenty-two

Step twenty-three: Click OK.

Image of step twenty-three

Step twenty-four: In the left pane, click to select AE_All.

Image of step twenty-four

Step twenty-five: In the right pane, click Device Configuration.

Image of step twenty-five

Step twenty-six: From the AutoKey IKE VPN dialog box, in the left pane, expand Branch-Device1, and then click to select VPN Group.

Image of step twenty-six

Step twenty-seven: In the right pane, click to select the VPN group, and then click the Edit button.

Image of step twenty-seven

Step twenty-eight: From the 1-VPN Group dialog box, edit the details as required.

Image of step twenty-eight and twenty-nine

Step twenty-nine: Click OK.

Step thirty: Click Save.

Image of step thirty

Step thirty-one: In the right pane, right-click Branch-Device1, and then click to select Update Device.

Image of step thirty-one

Step thirty-two: Step 26 through Step 31 for all branch devices.

Knowledge Base