•
Dial Backup. When enabled, VPN Manager displays the dial backup option for
route-based components (dial backup is supported only on NetScreen-5GT
devices running ScreenOS 5.1 and later).
3.
Click
OK
to save the VPN and return to VPN Manager.
Configuring Members
The second step in configuring your VPN is to add members to the VPN. Depending on
the type of VPN you are creating, you can add protected resources, security devices,
and/or RAS users as VPN members.
Adding Policy-Based Members
In policy-based configuration area, you can add protected resources to the VPN. Click
Protected Resources
link and select the predefined Protected Resources you want to
include in the VPN.
After you have added the protected resources, you can configure NAT and/or L2TP
settings on the security device that protects each resource:
•
For L2TP RAS VPNs and L2TP over AutoKey IKE VPN protected resources, you must
configure L2TP settings.
•
For all protected resources, you can configure policy-based NAT. Use policy-based
NAT to translate private source IP addresses to Internet-routeable IP addresses.
Configuring NAT is optional; if you do not use NAT on your network, you do not need
to configure NAT for the VPN.
The following sections detail how to configure NAT and L2TP.
Configuring NAT
Below the Protected Resources window, select
NAT
to display the protecting security
devices for each protected resource. Select the device for which you want to configure
NAT. Enable NAT and specify the following values (you cannot edit the name of the
device or the zone that contains the protected resource).
•
Configure Incoming DIP—You can enable the security device to use a Dynamic IP pool
for incoming VPN traffic. For each incoming VPN packet, the device translates the
destination address into a IP address that is selected from the DIP pool.
•
Interface for Incoming DIP. Select the interface that receives traffic addressed to
Dynamic IP addresses.
•
Incoming Global DIP. Select the Global DIP object that represents range of IP
addresses available to the security device. (This DIP pool must include IP addresses
that are routeable on your internal network.)
For details on configuring DIP objects.
•
Configure Tunnel Interface and Zone—You can bind the VPN tunnel to a tunnel interface
or tunnel zone to increase the number of available interfaces in the security device.
Copyright © 2010, Juniper Networks, Inc.
562
Network and Security Manager Administration Guide
Содержание NETWORK AND SECURITY MANAGER 2010.3
Страница 6: ...Copyright 2010 Juniper Networks Inc vi...
Страница 36: ...Copyright 2010 Juniper Networks Inc xxxvi Network and Security Manager Administration Guide...
Страница 52: ...Copyright 2010 Juniper Networks Inc 2 Network and Security Manager Administration Guide...
Страница 90: ...Copyright 2010 Juniper Networks Inc 40 Network and Security Manager Administration Guide...
Страница 144: ...Copyright 2010 Juniper Networks Inc 94 Network and Security Manager Administration Guide...
Страница 146: ...Copyright 2010 Juniper Networks Inc 96 Network and Security Manager Administration Guide...
Страница 234: ...Copyright 2010 Juniper Networks Inc 184 Network and Security Manager Administration Guide...
Страница 310: ...Copyright 2010 Juniper Networks Inc 260 Network and Security Manager Administration Guide...
Страница 364: ...Copyright 2010 Juniper Networks Inc 314 Network and Security Manager Administration Guide...
Страница 366: ...Copyright 2010 Juniper Networks Inc 316 Network and Security Manager Administration Guide...
Страница 478: ...Copyright 2010 Juniper Networks Inc 428 Network and Security Manager Administration Guide...
Страница 576: ...Copyright 2010 Juniper Networks Inc 526 Network and Security Manager Administration Guide...
Страница 580: ...Copyright 2010 Juniper Networks Inc 530 Network and Security Manager Administration Guide...
Страница 592: ...Copyright 2010 Juniper Networks Inc 542 Network and Security Manager Administration Guide...
Страница 684: ...Copyright 2010 Juniper Networks Inc 634 Network and Security Manager Administration Guide...
Страница 690: ...Copyright 2010 Juniper Networks Inc 640 Network and Security Manager Administration Guide...
Страница 696: ...Copyright 2010 Juniper Networks Inc 646 Network and Security Manager Administration Guide...
Страница 698: ...Copyright 2010 Juniper Networks Inc 648 Network and Security Manager Administration Guide...
Страница 748: ...Copyright 2010 Juniper Networks Inc 698 Network and Security Manager Administration Guide...
Страница 778: ...Copyright 2010 Juniper Networks Inc 728 Network and Security Manager Administration Guide...
Страница 870: ...Copyright 2010 Juniper Networks Inc 820 Network and Security Manager Administration Guide...
Страница 872: ...Copyright 2010 Juniper Networks Inc 822 Network and Security Manager Administration Guide...
Страница 898: ...Copyright 2010 Juniper Networks Inc 848 Network and Security Manager Administration Guide...
Страница 908: ...Copyright 2010 Juniper Networks Inc 858 Network and Security Manager Administration Guide...
Страница 910: ...Copyright 2010 Juniper Networks Inc 860 Network and Security Manager Administration Guide...
Страница 995: ...PART 6 Index Index on page 947 945 Copyright 2010 Juniper Networks Inc...
Страница 996: ...Copyright 2010 Juniper Networks Inc 946 Network and Security Manager Administration Guide...