Changes between Version 4 and Version 5 of HowtoJuniperSsg

Timestamp:
04/05/09 17:19:53 (17 months ago)
Author:
admin
Comment:

--

  • HowtoJuniperSsg

    v4 v5  
    2020Create a user that is used to define the phase1 id parameters. Navigate to the following screen using the tree pane on the left hand side of the browser interface. 
    2121 
    22 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/nav-1.jpg)]] 
     22[[Image(http://www.shrew.net/static/howto/JuniperSsg/nav-1.jpg)]] 
    2323 
    2424Click the New button and define the following parameters. 
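Review bot: The new line 22 still hardcodes the full "http://www.shrew.net/static/howto/JuniperSsg/" prefix, and the same prefix is repeated in every other image line of this change, so the next path move means editing every macro again. Consider attaching the screenshots to the wiki page and referencing them by file name, for example "[[Image(nav-1.jpg)]]", and confirm that the old "/vpn/howto/" path redirects so existing external links keep working. The change comment is also empty; a one-line reason for the move would help later readers of the history.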
     
    3131  * IKE Identity = client.domain.com 
    3232 
    33 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-1.jpg)]] 
     33[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-1.jpg)]] 
    3434 
    3535 === Create a Local Key Group === 
     
    3737Create a Local Group that can be assigned to an Auto Key Advanced Gateway. Navigate to the following screen using the tree pane on the left hand side of the browser interface. 
    3838 
    39 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/nav-2.jpg)]] 
     39[[Image(http://www.shrew.net/static/howto/JuniperSsg/nav-2.jpg)]] 
    4040 
    4141Click the New button and define the group name as vpnclient_group. Also add the vpnclient_ph1id user object as a group member. 
    4242 
    43 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-2.jpg)]] 
     43[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-2.jpg)]] 
    4444 
    4545 === Create an Auto Key Advanced Gateway === 
     
    4747Create an auto key advanced gateway to configure the phase1 parameters. Navigate to the following screen using the tree pane on the left hand side of the browser interface. 
    4848 
    49 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/nav-3.jpg)]] 
     49[[Image(http://www.shrew.net/static/howto/JuniperSsg/nav-3.jpg)]] 
    5050 
    5151Click the New button and define the following parameters. 
     
    5858 * Local ID = vpngw.domain.com 
    5959 
    60 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-3a.jpg)]] 
     60[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-3a.jpg)]] 
    6161 
    6262 ==== Define Advanced Parameters ==== 
     
    7979When finished click Return. 
    8080 
    81 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-3b.jpg)]] 
     81[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-3b.jpg)]] 
    8282 
    8383 ==== Define Xauth Parameters ==== 
     
    8585You will now see your auto key advanced gateway listed. Click non the Xauth button in the Configure column. 
    8686 
    87 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/nav-4.jpg)]] 
     87[[Image(http://www.shrew.net/static/howto/JuniperSsg/nav-4.jpg)]] 
    8888 
    8989Define the following parameters. 
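Review bot: Context line 85 in this hunk reads "Click non the Xauth button", which is a typo for "Click on the Xauth button". Since this section is being touched anyway, fix it in the same revision.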
     
    9696When finished click OK. 
    9797 
    98 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-4.jpg)]] 
     98[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-4.jpg)]] 
    9999 
    100100 === Create an Auto Key IKE Gateway === 
     
    102102Create an auto key IKE gateway to configure the phase2 parameters. Navigate to the following screen using the tree pane on the left hand side of the browser interface. 
    103103 
    104 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/nav-5.jpg)]] 
     104[[Image(http://www.shrew.net/static/howto/JuniperSsg/nav-5.jpg)]] 
    105105 
    106106Clicking the New button and define the following parameters. 
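Review bot: Line 106 reads "Clicking the New button and define the following parameters", which is ungrammatical and inconsistent with lines 24 and 51. Change it to "Click the New button and define the following parameters."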
     
    110110 * Remote Gateway Predefined = vpnclient_gateway 
    111111 
    112 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-5a.jpg)]] 
     112[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-5a.jpg)]] 
    113113 
    114114 ==== Define Advanced Parameters ==== 
     
    125125When finished click Return. 
    126126 
    127 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-5b.jpg)]] 
     127[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-5b.jpg)]] 
    128128 
    129129 == Create a Client Address Pool == 
     
    131131Create a pool of addresses to be assigned to VPN clients. Navigate to the following screen using the tree pane on the left hand side of the browser interface. 
    132132 
    133 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/nav-6.jpg)]] 
     133[[Image(http://www.shrew.net/static/howto/JuniperSsg/nav-6.jpg)]] 
    134134 
    135135Clicking the New button and define an IP Pool. For example, you could define a pool  
    136136named vpnclient with a start IP address of 10.2.21.1 and and end address of 10.2.21.254. 
    137137 
    138 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-6.jpg)]] 
     138[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-6.jpg)]] 
    139139 
    140140 == Set Client Configuration Parameters == 
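Review bot: Lines 135 and 136 carry two wording errors that this revision leaves in place: "Clicking the New button and define an IP Pool" should be "Click the New button and define an IP Pool", and "and and end address of 10.2.21.254" should be "and an end address of 10.2.21.254".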
     
    143143parameters. Navigate to the following screen using the tree pane on the left hand side of the browser interface. 
    144144 
    145 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/nav-7.jpg)]] 
     145[[Image(http://www.shrew.net/static/howto/JuniperSsg/nav-7.jpg)]] 
    146146 
    147147Define the following parameters. 
     
    157157 * WINS Secondary Server IP = [ private WINS secondary address ] 
    158158 
    159 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-7.jpg)]] 
     159[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-7.jpg)]] 
    160160 
    161161 == Configure IPsec Policies == 
     
    163163The last step for the tunnel configuration is to define policies that allow protected traffic to pass into your private network from the client. Navigate to the following screen using the tree pane on the left hand side of the browser interface. 
    164164 
    165 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/nav-8.jpg)]] 
     165[[Image(http://www.shrew.net/static/howto/JuniperSsg/nav-8.jpg)]] 
    166166 
    167167To create a new IPsec Policy, the from and to zones must be specified. An IPsec VPN Client policy is defined. Select the following zones and click the New button. 
     
    170170 * To = Trust 
    171171 
    172 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-8a.jpg)]] 
     172[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-8a.jpg)]] 
    173173 
    174174Define the following parameters. 
     
    184184 * Tunnel = vpnclient_tunnel [ Auto Key IKE vpn name ] 
    185185 
    186 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-8b.jpg)]] 
     186[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-8b.jpg)]] 
    187187 
    188188 == Create Local User Accounts == 
     
    190190Create local user accounts that will be used during Xauth. Navigate to the following screen using the tree pane on the left hand side of the browser interface. 
    191191 
    192 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/nav-1.jpg)]] 
     192[[Image(http://www.shrew.net/static/howto/JuniperSsg/nav-1.jpg)]] 
    193193 
    194194Click the new button and define the following parameters. 
     
    202202When finished press OK. 
    203203 
    204 [[Image(http://www.shrew.net/vpn/howto/JuniperSsg/ssg-9.jpg)]] 
     204[[Image(http://www.shrew.net/static/howto/JuniperSsg/ssg-9.jpg)]] 
    205205 
    206206== Client Configuration == 
     
    242242== Resources == 
    243243 
    244  * [http://www.shrew.net/vpn/howto/JuniperSsg/juniperssg.vpn Example Client configuration] 
     244 * [http://www.shrew.net/static/howto/JuniperSsg/juniperssg.vpn Example Client configuration]
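Review bot: The example client configuration on line 244 is still linked over plain "http://". A VPN client profile decides which gateway and identity settings the client will trust, so a copy altered in transit would go unnoticed on import. If the host serves HTTPS, switch this link to "https://", or publish a checksum of juniperssg.vpn next to the link so readers can verify the file before importing it.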