Configuring VPNs

VPNs route private data through a public Internet. Like normal Internet traffic, data in a VPN is routed from source to destination using public Internet networking equipment. Unlike normal traffic, however, the source and destination use a Security Association (SA) pair to create a secure, private tunnel through which the data traverses the Internet. A tunnel has a defined start point and end point, (usually an IP address), and is a private connection through which the data can move freely. By encrypting and authenticating the data while in the tunnel, you can ensure the security and integrity of the data.

VPNs can also connect widely distributed networks to make separate networks appear as a single Wide Area Network (WAN). VPNs replace costly point-to-point protocol (PPP) and frame relay connections that require dedicated lines (and sometimes even satellites!) between your private networks.

This chapter discusses the concepts involved in creating secure tunnels between devices, details the differences between VPN types, helps you determine the best VPN for your network, and guides you through creating and configuring your chosen VPN.

Note: For step-by-step instructions on creating VPNs, see the Network and Security Manager Online Help Topic “VPNs” .

• Device Level VPN Types and Supported Configurations Overview
• Device Level AutoKey IKE VPN: Using Gateway Configuration Overview
• Device Level AutoKey IKE VPN: Using Routes Configuration Overview
• Device-Level AutoKey IKE VPN: Using VPN Configuration Overview
• Device-Level AutoKey IKE VPN: Using VPN Rule Configuration Overview
• Device-Level Manual Key VPN: Using XAuth Users Overview
• Device-Level Manual Key VPN: Using Routing-Based VPN Overview
• Device-Level Manual Key VPN: Using VPN Configuration Overview
• Device Level Manual Key VPN: Using VPN Rule Configuration Overview
• Device Level L2TP VPN: Using L2TP Users Configuration Overview
• Device Level L2TP VPN: Using L2TP Configuration Overview
• Device Level L2TP VPN: Using VPN Rule Configuration Overview
• Creating Device Level L2TP-over-Autokey IKE VPNs Overview
• Adding VPN Rules to a Security Policy Overview
• Example: Creating Device Level VPN Type 1 (NSM Procedure)
• Example: Creating Device Level VPN Type 2 (NSM Procedure)
• Example: Creating Device Level VPN Type 3 (NSM Procedure)
• L2TP and Xauth Local Users Configuration Overview
• Configuring L2TP Local Users (NSM Procedure)
• XAuth Users Authentication Overview
• Vsys Configurations in NSM Overview
• Virtual Router Configurations for Root and Vsys Overview
• Zone Configurations for Root and Vsys Overview
• Interface Configurations for Root and Vsys Overview
• Viewing Root and Vsys Configurations
• Managing Inter-Vsys Traffic with Shared DMZ Zones
• Example: Routing Traffic to Vsys Using VLAN IDs (NSM Procedure)
• Example: Routing Traffic to Vsys Using IP Classification (NSM Procedure)
• Layer 2 Vsys Configuration Overview
• Assigning L2V VLAN IDs (NSM Procedure)
• L2V VLAN Groups in NSM Overview
• Predefined L2V Zones in NSM Overview
• L2V Interface Management in NSM Overview
• Converting L2V to VLAN Trunking (NSM Procedure)
• Configuring Crypto-Policy Overview
• Certificate Authentication Support in NSM Overview
• Self-Signed Certificates in NSM Overview
• Local Certificate Validation of ScreenOS Devices Overview
• Generating Certificate Requests to ScreenOS Devices (NSM Procedure)
• Loading Local Certificate into NSM Management System
• Installing Local Certificates Using SCEP in NSM
• Manual Installation of Local Certificates in NSM
• Certificate Authority Configuration in NSM Overview
• Installing CA Certificates Using SCEP in NSM
• Manual Installation of CA Certificates in NSM
• Configuring Certificate Revocation Lists (NSM Procedure)
• Imported Certificates in NSM Overview
• PKI Default Settings Configuration in NSM Overview