• Configure Tunnel Interface and Zone—You can bind the VPN tunnel to a tunnel interface or tunnel zone to increase the number of available interfaces in the security device.
NOTE: If the security device is running ScreenOS 5.x and configured in transparent mode, you can only configure the zone (the interface does not appear).
To use a tunnel interface and/or tunnel zone in your VPN, you must first create the tunnel interface or zone on the device; for details, see “Configuring Tunnel Interfaces and Tunnel Zones” on page 566 and the Network and Security Manager Configuring ScreenOS and IDP Devices Guide.
  • Tunnel Zone. Select a preconfigured tunnel zone on the security devices to bind the VPN tunnel directly to the tunnel zone. The tunnel zone must include one or more numbered tunnel interfaces; when the security devices route VPN traffic to the tunnel zone, the traffic uses one or more of the tunnel interfaces to reach the protected resources.
  • Tunnel Interface. Select a preconfigured tunnel interface on the security devices to bind the VPN tunnel to the tunnel interface. The security devices route all VPN traffic through the tunnel interface to the protected resources.
• Configure MIP, VIP, and Outgoing DIP
  • Enable MIP. Enable MIP to use a mapped IP address for the interface.
  • Global MIP. Select the global MIP object that represents the mapped IP address you want to use for the interface.
  • Global VIP. Select the global VIP object that represents the virtual IP address you want to use for the interface.
  • Global DIP (Outgoing). You can enable the security device to use a Dynamic IP pool for outgoing VPN traffic. For each outgoing VPN packet, the device translates the source address into an IP address selected from the DIP pool. Select the Global DIP object that represents the range of IP addresses available to the security device. (This DIP pool must include IP addresses that are routable on the Internet.)
Configuring L2TP
For L2TP RAS VPNs and L2TP over AutoKey IKE VPN protected resources, you must
configure L2TP settings.
To connect to an L2TP VPN tunnel, the L2TP RAS user uses the IP address and WINS/DNS
information assigned by the user’s ISP. However, when the L2TP RAS user sends VPN
traffic through the tunnel, the security device assigns a new IP address and WINS/DNS
information that enables the traffic to reach the destination network.
Below the Protected Resources pane, select L2TP/NAT to display the protecting security
devices for each protected resource. (If you are configuring an AutoKey IKE VPN or
AutoKey IKE RAS VPN, this option does not appear.) Select the device for which you
571
Copyright © 2010, Juniper Networks, Inc.
Chapter 12: Configuring VPNs