Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


VPN Configuration Supported Overview


NSM supports all possible VPN configurations that are supported by the CLI and Juniper Networks ScreenOS Web UI, including:

  • NAT-Traversal—Because NAT obscures the IP address in some IPsec packet headers, VPN nodes cannot receive VPN traffic that passes through an external NAT device. To enable VPN traffic to traverse a NAT device, you can use NAT Traversal (NAT-T) to encapsulate the VPN packets in UDP. If a VPN node with NAT-T enabled detects an external NAT device, it checks every VPN packet to determine if NAT-T is necessary.

  • XAuth—To authenticate remote access server (RAS) users, use XAuth to assign users an authentication token (such as SecureID) and to make TCP/IP settings (IP address, DNS server, and WINS server) for the peer gateway.