IKE configuration is needed to identify the clients using the JUNOS software firewall. Usually you configure one IKE user per client installed, but because XAuth is used as an extra layer of authentication, the shared IKE ID is used to build Phase 1 of the VPN tunnel.
Perform the following tasks to complete the configuration:
The following sample commands configure an IKE gateway named jsr_gateway for up to 100 concurrent users. The remote (dynamic) users have an unspecified IP address but use the email address test@juniper.net as their shared IKE ID. The trusted external interface for traffic from these users is fe-3/0/20. The gateway uses extended authentication (XAuth) to verify the authenticity of these users with the previously created access profile xauth. (See Configuring an Access Profile for XAuth.)
- user@host# set security ike gateway jsr_gateway dynamic user-at-hostname "test@juniper.net"
- user@host# set security ike gateway jsr_gateway dynamic connections-limit 100
- user@host# set security ike gateway jsr_gateway dynamic ike-user-type shared-ike-id
- user@host# set security ike gateway jsr_gateway external-interface fe-3/0/2
- user@host# set security ike gateway jsr_gateway xauth access-profile xauth
Alternatively, for J-Web Quick Configuration, see Configuring an IKE Gateway and Peer Authentication—Quick Configuration.
Note: Make sure you select the access profile that you set using the CLI statements in Configuring an Access Profile for XAuth.
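Because every client presents the same Phase 1 identity under a shared IKE ID, XAuth is the only per-user check on the gateway. The following added example (not part of the original Juniper documentation) parses `set security ike gateway` statements and flags any shared-IKE-ID gateway that has no XAuth access profile or no connections limit. The gateway `bad_gateway`, the address `vpn@example.com`, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: the gateway from this page plus a hypothetical
# second gateway (bad_gateway) that omits XAuth and the connection limit.
SAMPLE = '''
set security ike gateway jsr_gateway dynamic user-at-hostname "test@juniper.net"
set security ike gateway jsr_gateway dynamic connections-limit 100
set security ike gateway jsr_gateway dynamic ike-user-type shared-ike-id
set security ike gateway jsr_gateway external-interface fe-3/0/2
set security ike gateway jsr_gateway xauth access-profile xauth
set security ike gateway bad_gateway dynamic user-at-hostname "vpn@example.com"
set security ike gateway bad_gateway dynamic ike-user-type shared-ike-id
set security ike gateway bad_gateway external-interface fe-3/0/2
'''

# Accepts lines with or without a leading CLI prompt such as "user@host# ".
GATEWAY_RE = re.compile(r'^(?:\S+#\s+)?set security ike gateway (\S+) (.+)$')

def parse_gateways(text):
    """Map gateway name -> {statement path: value} from 'set' lines."""
    gateways = defaultdict(dict)
    for line in text.splitlines():
        m = GATEWAY_RE.match(line.strip())
        if not m:
            continue
        name, rest = m.groups()
        # The last token is the value; everything before it is the path.
        path, _, value = rest.rpartition(' ')
        gateways[name][path] = value.strip('"')
    return dict(gateways)

def audit(text):
    """Return (gateway, issue) findings for gateways using a shared IKE ID."""
    findings = []
    for name, stmts in sorted(parse_gateways(text).items()):
        if stmts.get('dynamic ike-user-type') != 'shared-ike-id':
            continue  # other IKE user types are out of scope for this check
        if 'xauth access-profile' not in stmts:
            findings.append((name, 'shared IKE ID without an XAuth access profile'))
        if 'dynamic connections-limit' not in stmts:
            findings.append((name, 'shared IKE ID without connections-limit'))
    return findings

if __name__ == '__main__':
    for gateway, issue in audit(SAMPLE):
        print(f'{gateway}: {issue}')
```
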