Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring VPNs for Enterprise Manager Portal

 

You configure VPNs, then manage them through the Enterprise Manager Portal. Topics in this section include:

VPN Management Through Enterprise Manager Portal Overview

You can use the SRC software to allow IT managers to manage layer 3 VPNs on devices running Junos OS. This type of VPN supports membership based on filter-based forwarding policies.

You can configure Enterprise Manager Portal to display VPN features. IT managers can modify VPNs and send traffic associated with BoD subscriptions to specific VPNs. In addition, if you configure Enterprise Manager Portal to display extranet features, IT managers with privileges to configure VPNs can create extranets for other enterprises and retailers by exporting those VPNs. Enterprises and retailers who share VPNs that other subscribers own are called extranet clients.

To provide VPN services from Enterprise Manager Portal, you create corresponding VPN versions of the BoD services and their associated policies.

Before You Configure VPN Policies and Services

When you configure the SRC software to manage VPNs, complete the following tasks specific to the VPN configuration:

  1. Configure the VPNs on the device running Junos OS.

    See Junos OS VPNs Configuration Guide.

    All routing instances that implement a specific VPN must have the same name.

  2. Add the VPNs to the directory.

    The identifier for a VPN in the directory must match the name of the routing instance configured on the device running Junos OS.

  3. If you want to send traffic associated with BoD services to specific VPNs, configure policies and services for BoD traffic destined for VPNs.

    See Configuring Policies for BoD Traffic Destined for VPNs and Configuring Services for BoD Traffic Destined for VPNs.

  4. Implement an addressing scheme for VPNs that allows extranet clients to access the VPNs.

Configuring Policies for BoD Traffic Destined for VPNs

You can manage policies with the Policies, Services, and Subscribers CLI or the Policies, Services, and Subscribers subtasks in the C-Web interface.

To configure a policy for a BoD service associated with a VPN (a VPN policy):

  1. Copy the policy for the BoD service in the directory.

  2. Rename the policy you copied to a similar name that indicates this policy is the VPN version; for example, you can use <bodPolicy>Vpn, where <bodPolicy> is the name of the BoD policy.

    For example, if the name of the original policy is bod, rename the service you copied to bodVpn.

  3. Add a new local parameter (the name is arbitrary, for example vpnName) of type Routing Instance to the VPN policy.

  4. Add a new action of type RoutingInstanceAction to the input policy rule, and specify a Routing Instance of vpnName for this action.

  5. Save the VPN policy.

For a sample VPN policy, see policyGroupName=bodVpn, ou=entjunos, o=Policies, o=umc in the sample data. In the sample BoD policies, substitutions in services rename policy parameters to names required by Enterprise Manager Portal.

Configuring Services for BoD Traffic Destined for VPNs

You can manage services with the Policies, Services, and Subscribers CLI or the Policies, Services, and Subscribers subtasks in the C-Web interface.

To configure a BoD service that will be associated with a VPN (a VPN service):

  1. Copy the BoD service in the directory.

  2. Rename the service you copied to <bodService>_VPN, where <bodService> is the name of the original BoD service.

    For example, if the name of the original BoD service is called Gold, rename the service you copied to Gold_VPN.

  3. Add to the VPN service a parameter with a name that matches the parameter of type Routing Instance that you defined in the policy.

    See Configuring Policies for BoD Traffic Destined for VPNs.

  4. Modify the VPN service to use the corresponding VPN policy that you created.

  5. Save the service.

For a sample VPN service, see serviceName=Gold_VPN, l=entJunos, o=Scopes, o=umc in the sample data.