Technical Documentation

Creating VPN Profiles


To create a new VPN Profile, perform the following steps:

  1. From the Security Design task ribbon, select Security Whiteboard > IPSec VPN > VPN Profile. The Manage VPN Profiles inventory panel is displayed with the icons for all the VPN profiles as shown in Figure 1. The first two profiles listed here are Juniper Networks defined VPN profiles.

    Figure 1: Default VPN Profiles


  2. From the task ribbon, select the Create VPN Profile icon. The General panel of the Create VPN Profile window is displayed, as shown in Figure 2.

    Figure 2: Creating a VPN Profile



    Creating a VPN profile involves the following tasks:


    • Specifying the general settings
    • Specifying the IKE/IPSec settings
    • Specifying the connectivity parameters

Specifying the general settings

To specify the general settings for the VPN profile:

  1. In the General section:
    1. In the Name field, enter a name for the new VPN profile.
    2. In the Description field, enter a description for the new VPN profile.
  2. In the VPN Proposal section:
    1. Choose a proposal you intend to use. To choose one of the Juniper Networks defined proposals, select the Predefined radio button.
    2. Drag the slider to the intended position on the Predefined Proposals slider bar. You can place the slider at the High, Medium or Low marker to choose the associated proposals, as shown in Figure 3. Hover over the ‘High’, ‘Medium’ and ‘Low’ labels to see a tooltip describing the respective predefined proposal.

      Figure 3: Choosing a Default VPN Proposal


    3. To choose a custom VPN proposal you have created using the Create VPN Proposal Wizard, select the Custom radio button. The VPN Proposal section refreshes. You can choose a custom VPN proposal or create new VPN proposals.
    4. From the Custom Proposals drop-down menu, choose a custom VPN proposal that you have already created and stored, as shown in Figure 4.

      Figure 4: Choosing a Custom VPN Proposal


    5. If you want to add a new VPN proposal, click Add New Proposal. This redirects you to the VPN Proposal creation page. For more information on creating a VPN proposal, see Creating VPN Proposals.
  3. Click Next to continue. The IKE/IPSec Setting panel of the Create VPN Profile window is displayed.

Specifying the IKE/IPSec settings

To specify the IKE settings in the IKE Settings section:

  1. Select the Main radio button or the Aggressive radio button to select the mode of authentication, as shown in Figure 5.

    Figure 5: Specifying IKE Settings


  2. From the IKE Identity drop-down menu, select an appropriate mode to identify IKE peers.
  3. Select how the pre-shared key is generated by choosing the appropriate radio button.
    1. Select the Auto Generate radio button to auto-generate the pre-shared key.
    2. Select the Manual radio button to specify a pre-shared key manually.
    3. Enter the pre-shared key in the Key Phrase field.
  4. To configure advanced IKE settings, click Advanced IKE Settings. The Advanced IKE Settings dialog box is displayed, as shown in Figure 6.

    Figure 6: Specifying Advanced IKE Settings


  5. In the NAT section:
    1. Select/Clear the Enable NAT Traversal check box to enable/disable the NAT traversal feature respectively.
    2. In the Keep Alive Interval (secs) field, enter a value in seconds. You can also increase or decrease the value currently displayed by selecting the upward or downward pointing arrows respectively.
  6. In the Dead Peer Detection section:
    1. Select/Clear the Enable DPD check box to enable/disable the Dead Peer Detection feature respectively.
    2. Select/Clear the Always Send check box to enable/disable the Always Send feature respectively.
    3. In the Interval (secs) field, enter a value in seconds. You can also increase or decrease the value currently displayed by selecting the upward or downward pointing arrows respectively.
    4. In the Threshold field, enter a value. You can also increase or decrease the value currently displayed by selecting the upward or downward pointing arrows respectively.
  7. Click OK to save these settings.

To specify the IPSec settings in the IPSec Settings section:

  1. Select/Clear the Use Proxy ID check box to enable/disable the Proxy ID feature respectively.
  2. To configure advanced IPSec settings, click Advanced IPSec Settings. The Advanced IPSec Settings dialog box is displayed, as shown in Figure 7.

    Figure 7: Specifying Advanced IPSec Settings


  3. In the Idle Time (secs) field, enter a value in seconds. You can also increase or decrease the value currently displayed by selecting the upward or downward pointing arrows respectively.
  4. In the Install Interval (secs) field, enter a value in seconds. You can also increase or decrease the value currently displayed by selecting the upward or downward pointing arrows respectively.
  5. Select/Clear the Enable Anti Replay check box to enable/disable the Anti Replay feature respectively.
  6. Select an appropriate option from the DF Bit field. This option specifies if a router is allowed to fragment a packet.
  7. Select/Clear the Enable VPN Monitor check box to enable/disable the VPN Monitor feature respectively. Configure the following options in the VPN Monitor section:
    1. In the Interval (secs) field, enter a value in seconds. You can also increase or decrease the value currently displayed by selecting the upward or downward pointing arrows respectively.
    2. In the Threshold field, enter a value. You can also increase or decrease the value currently displayed by selecting the upward or downward pointing arrows respectively.
  8. Click OK to save these settings.
  9. Click Next to continue. The Connectivity Parameters panel of the Create VPN Profile window is displayed.

Specifying the connectivity parameters

To specify the connectivity parameters in the Connectivity Parameters panel:

  1. In the Tunnel Interface Settings section:
    1. From the Interface Type drop-down menu, select whether the interface is numbered or unnumbered, as shown in Figure 8.

      Figure 8: Specifying Connectivity Parameters


    2. In the Interface Zone section, enter the name for the interface zone.
    3. Select/Clear the Enable Multipoint check box to enable/disable a multipoint interface for this VPN profile.
  2. Click Finish to save the VPN profile.
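
The choices made in the IKE Settings and IPSec Settings sections can be reviewed before a profile is put into use. The following Python is an added example, not Juniper Networks code or part of the original page; the dictionary keys, the two sample profiles and the key-phrase thresholds are assumptions made for illustration.

```python
# Added example, not product code. The dictionary keys are hypothetical names
# for the wizard fields described on this page.
MIN_PSK_LENGTH = 20      # assumed local policy, not a product default
MIN_PSK_DISTINCT = 10    # assumed local policy, not a product default


def weak_key_phrase(key):
    """True when a manually entered pre-shared key fails the assumed policy."""
    return len(key) < MIN_PSK_LENGTH or len(set(key)) < MIN_PSK_DISTINCT


def review_profile(profile):
    """Return (field, reason) findings for one recorded VPN profile."""
    ike, ipsec = profile.get("ike", {}), profile.get("ipsec", {})
    findings = []
    manual = ike.get("psk_source") == "manual"
    if manual and weak_key_phrase(ike.get("key_phrase", "")):
        findings.append(("ike.key_phrase",
                         "manual pre-shared key is short or repetitive; use Auto Generate"))
    if ike.get("mode") == "aggressive":
        reason = "Aggressive mode does not protect the peer identity"
        if manual:
            reason += " and exposes a manual key to offline guessing"
        findings.append(("ike.mode", reason))
    if not ike.get("dpd_enabled", False):
        findings.append(("ike.dpd_enabled", "dead peers are not detected"))
    if not ipsec.get("anti_replay", False):
        findings.append(("ipsec.anti_replay", "replayed packets are not rejected"))
    return findings


# Constructed sample profiles (not taken from any real deployment).
WEAK_PROFILE = {
    "name": "branch-legacy",
    "ike": {"mode": "aggressive", "psk_source": "manual",
            "key_phrase": "vpn12345", "dpd_enabled": False},
    "ipsec": {"anti_replay": False},
}
HARDENED_PROFILE = {
    "name": "branch-standard",
    "ike": {"mode": "main", "psk_source": "auto", "dpd_enabled": True},
    "ipsec": {"anti_replay": True},
}

if __name__ == "__main__":
    for p in (WEAK_PROFILE, HARDENED_PROFILE):
        print(p["name"])
        for field, reason in review_profile(p) or [("ok", "no findings")]:
            print(f"  {field}: {reason}")
```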

Published: 2010-06-07
