Advanced Juniper Networks IPSec VPN Implementations

Course No: EDU-JUN-AJVI

Length: Two days

Cost: $2,000 (US) Schedule and Registration

Course Overview

This two-day, intermediate-level course focuses on the wide range of options available when configuring VPNs using Juniper Networks firewall/VPN products. Students attending the course will learn these various deployments through detailed lectures and hands-on lab exercises.

Objectives

After successfully completing this course, you should be able to:

• Configure LAN-to-LAN IPSec VPNs in various configurations.
• Configure VPN redundancy.
• Configure dynamic routing using IPSec VPNs.
• Configure remote access IPSec connectivity including group IKE and shared IKE.
• Configure GRE tunnels.

Intended Audience

This course is intended for network engineers, network support personnel, and reseller support.

Course Level

This is an intermediate-level course.

Prerequisites

Prerequisites for this course include the following:

• Completion of the Configuring Juniper Networks Firewall/IPSec VPN Products (CJFV) course or equivalent experience with ScreenOS software.
• General networking knowledge, including Ethernet, TCP/IP, and routing concepts.

Course Contents

Day 1

Chapter 1: Course Introduction

Chapter 2: ScreenOS VPN Basics Review

• VPN Review
• Verifying Operations
• VPN Monitor
• Lab 1: VPN Review

Chapter 3: VPN Variations

• Dynamic Peers
• Transparent Mode
• Overlapping Addresses
• Lab 2: VPN Variations

Chapter 4: Hub-and-Spoke VPNs

• Concepts
• Policy-Based Hub-and-Spoke
• Route-Based, with No Policy, and NHTB
• Route-Based with Policy
• Centralized Control
• AutoConnect-Virtual Private Networks
• Lab 3: Hub-and-Spoke VPNs

Chapter 5: Routing over VPNs

• Routing Overview
• Configuring RIP
• Configuring OSPF
• Case Studies
• Lab 4: Dynamic Routing

Day 2

Chapter 6: Using Certificates

• Concepts and Terminology
• Configuring Certificates and Certificate Support
• Configuring VPNs with Certificates
• Lab 5: Using Certificates

Chapter 7: Redundant VPN Gateways (Optional)

• Redundant VPN Gateways
• Other Options
• Demo: Redundant VPN Gateways

Chapter 8: Generic Routing Encapsulation (Optional)

• Configuring GRE

Chapter 9: Dial-Up IPSec VPNs

• Basic Dial-up Configuration
• Group IKE ID
• XAUTH and Shared IKE ID

Appendix A: NetScreen-Remote

• NetScreen-Remote Overview
• Basic Dial-Up A-9
• XAUTH/Shared IKE ID
• Demo: Dial-Up VPNs
• Lab 6: Dial-Up VPNs