VPN Configuration Supported Overview
NSM supports all possible VPN configurations that are supported by the CLI and Juniper Networks ScreenOS Web UI, including:
NAT-Traversal—Because NAT obscures the IP address in some IPsec packet headers, VPN nodes cannot receive VPN traffic that passes through an external NAT device. To enable VPN traffic to traverse a NAT device, you can use NAT Traversal (NAT-T) to encapsulate the VPN packets in UDP. If a VPN node with NAT-T enabled detects an external NAT device, it checks every VPN packet to determine if NAT-T is necessary.
XAuth—To authenticate remote access server (RAS) users, use XAuth to assign users an authentication token (such as SecureID) and to make TCP/IP settings (IP address, DNS server, and WINS server) for the peer gateway.