•
Select the devices to act at mains; these devices can communicate with all other
VPN members.
•
Select remaining devices as branches; these devices communicate with all mains.
•
Full Mesh—Select all VPN members to act as mains. All members can communicate
with any other VPN member. Do not select a hub.
•
Site to Site—Select both VPN members as mains. Each member can communicate
with the other VPN member. Do not select a hub.
Defining Termination Points
You must define the termination interface for each security device in the VPN. The
Termination Points tab displays the default termination points for the VPN. A termination
point is the interface on a security device that sends and receives VPN traffic to and from
the VPN tunnel, and is typically in the Untrust zone. Each VPN member (the security
devices included as routing-based members and/or as protected resources for
policy-based members) has a default termination interface.
NOTE:
You do not need to select the serial interface on a NetScreen-5GT
security device to enable dial backup for the VPN tunnel. If you have enabled
Dial Backup for the device in the Route-Based Configuration area, VPN
Manager automatically generates the termination point for the serial interface
during VPN creation.
To override the default termination interface, right-click the VPN member, select Edit,
and select a new termination interface for the device.
Configuring Gateways
To configure the gateways for VPN, click the
Gateway Parameters
link.
Configuring Gateway Properties
In the Properties tab, specify the following gateway values.
Selecting a Mode
The mode determines how Phase 1 negotiations occur. Select the mode that meets your
VPN requirements:
•
Main mode—The IKE identity of each node is protected. Each node sends three two-way
messages (six messages total); the first two messages negotiate encryption and
authentication algorithms that protect subsequent messages, including the IKE identity
exchange between the nodes. Depending on the speed of your network connection
and the encryption and authentication algorithms you use, main mode negotiations
can take a long time to complete. Use Main mode when security is more important.
•
Aggressive mode—The IKE identity of each node is not protected. The initiating node
sends two messages and the receiving node sends one (three messages total); all
messages are sent in the clear, including the IKE identity exchange between the nodes.
Copyright © 2010, Juniper Networks, Inc.
576
Network and Security Manager Administration Guide
Summary of Contents for NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
Page 6: ...Copyright 2010 Juniper Networks Inc vi...
Page 36: ...Copyright 2010 Juniper Networks Inc xxxvi Network and Security Manager Administration Guide...
Page 52: ...Copyright 2010 Juniper Networks Inc 2 Network and Security Manager Administration Guide...
Page 90: ...Copyright 2010 Juniper Networks Inc 40 Network and Security Manager Administration Guide...
Page 146: ...Copyright 2010 Juniper Networks Inc 96 Network and Security Manager Administration Guide...
Page 236: ...Copyright 2010 Juniper Networks Inc 186 Network and Security Manager Administration Guide...
Page 292: ...Copyright 2010 Juniper Networks Inc 242 Network and Security Manager Administration Guide...
Page 314: ...Copyright 2010 Juniper Networks Inc 264 Network and Security Manager Administration Guide...
Page 368: ...Copyright 2010 Juniper Networks Inc 318 Network and Security Manager Administration Guide...
Page 370: ...Copyright 2010 Juniper Networks Inc 320 Network and Security Manager Administration Guide...
Page 484: ...Copyright 2010 Juniper Networks Inc 434 Network and Security Manager Administration Guide...
Page 584: ...Copyright 2010 Juniper Networks Inc 534 Network and Security Manager Administration Guide...
Page 588: ...Copyright 2010 Juniper Networks Inc 538 Network and Security Manager Administration Guide...
Page 600: ...Copyright 2010 Juniper Networks Inc 550 Network and Security Manager Administration Guide...
Page 678: ...Copyright 2010 Juniper Networks Inc 628 Network and Security Manager Administration Guide...
Page 694: ...Copyright 2010 Juniper Networks Inc 644 Network and Security Manager Administration Guide...
Page 700: ...Copyright 2010 Juniper Networks Inc 650 Network and Security Manager Administration Guide...
Page 706: ...Copyright 2010 Juniper Networks Inc 656 Network and Security Manager Administration Guide...
Page 708: ...Copyright 2010 Juniper Networks Inc 658 Network and Security Manager Administration Guide...
Page 758: ...Copyright 2010 Juniper Networks Inc 708 Network and Security Manager Administration Guide...
Page 788: ...Copyright 2010 Juniper Networks Inc 738 Network and Security Manager Administration Guide...
Page 882: ...Copyright 2010 Juniper Networks Inc 832 Network and Security Manager Administration Guide...
Page 908: ...Copyright 2010 Juniper Networks Inc 858 Network and Security Manager Administration Guide...
Page 918: ...Copyright 2010 Juniper Networks Inc 868 Network and Security Manager Administration Guide...
Page 920: ...Copyright 2010 Juniper Networks Inc 870 Network and Security Manager Administration Guide...
Page 1005: ...PART 6 Index Index on page 957 955 Copyright 2010 Juniper Networks Inc...
Page 1006: ...Copyright 2010 Juniper Networks Inc 956 Network and Security Manager Administration Guide...