Establishing an IPsec VPN Tunnel (IKE Phase)

Once Access Manager is installed, the user can use it to initiate a secure VPN tunnel to the remote access server as follows:

1. The user launches Access Manager.

   The user can launch Access Manager by using either of the following methods:

   • Choose All Programs>Juniper Networks>Access Manager from the Windows Start menu.
   • Select the Access Manager icon in the system tray at the lower right corner of the Windows screen.
   When the user launches the client, the Access Manager dialog box appears.

2. The user creates a connection to the server, if necessary.

   If no connections are available in the Access Manager dialog box, the user must specify a connection server:

   1. From the File menu, choose Setup Connection.
   2. In the New Connection dialog box that appears, enter the hostname of the remote access server and the appropriate username.
   3. Click OK. The specified connection appears in the Access Manager dialog box.

3. The user starts the connection.

   In the Access Manager dialog box, the user selects which server connection to initiate by using one of the following methods:

   • Select one of the connections, right-click, and choose Connect.
   • Select one of the connections, and from the File menu, choose Start Connection.
4. The server checks for a valid license.

   When the user initiates a connection to a remote access server, the server checks that a seat license is currently available for the user’s session.

5. The user signs into the server.

   The user enters the appropriate username and password into the login page, and the remote access server sends them to the authentication server for validation.

   Note: The username and password entered here are used to validate the user’s eligibility to establish the VPN session. These credentials are separate from those used to validate the user’s eligibility to download the client.

6. The client initiates the VPN session.

   Once the user has successfully authenticated, the client sends a preshared key to the remote access server. (The client initially received this key as part of the initial client configuration download.) The client and server use an AutoKey IKE exchange to create security associations (SAs) and establish a secure VPN tunnel.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Dynamic VPN Configuration Overview
• Understanding the Dynamic VPN and Access Manager User Experience
• Connecting to the Remote Access Server for the First Time (Pre-IKE Phase)
• Connecting to the Remote Access Server for Subsequent Sessions (Pre-IKE Phase)