


Access profiles, also known as client profiles, contain the parameters to grant access and provide basic service to a subscriber during initial login. 

https://www.juniper.net/documentation/en_US/junos/topics/concept/subscriber-management-dynamic-profiles-compare.html




access profile (client profile)
set access profile <profilename>
set access profile <profilename> client <clientname> firewall-user password <password>

# define and use an IP address pool:
set access address-assignment pool mypool family inet network 10.100.100.0/24
set access profile myprofile address-assignment pool mypool

# set the primary DNS server in the pool's XAuth attributes:
set access address-assignment pool mypool family inet xauth-attributes primary-dns 8.8.8.8


access profile options
root@SRX1500-2# set access profile myprofile ?
Possible completions:
> accounting           Specifies the accounting options
> address-assignment   Address assignment pool
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
+ authentication-order  Order in which authentication mechanisms are used
+ charging-service-list  List of used 3gpp charging servicess
> client               Entity requesting access
> client-name-filter   Restrictions on client names
> domain-name-server   Default DNS server's IPv4 address
> domain-name-server-inet  DNS server's IPv4 address
> domain-name-server-inet6  DNS server's IPv6 address
> jsrc                 Set of JSRC configurations
> ldap-options         Lightweight Directory Access Protocol options
> ldap-server          Lightweight Directory Access Protocol server
> local                Set configuration for local reporting
+ preauthentication-order  Order in which preauthentication mechanisms are used
> radius               Set of RADIUS configurations
> radius-options       RADIUS options
> radius-server        RADIUS server configuration
> session-options      Options for an authenticated client's session
> wins-server          Default WINS server's IPv4 address


Configuration Steps

Step 1. Configure Dynamic VPN Users and IP Address Pool

Step 2. Configure IPSec Phase 1

Step 3. Configure IPSec Phase 2

Step 4. Configure Dynamic VPN Parameters

Step 5. Configure Security Policy

Step 6. Verifying IPSec Connection

1- Configure Dynamic VPN Users and IP Address Pool
  1. profile <dyn-profile> client < username, password + IP pool >
  2. address-assignment pool < name, IP pool, dns >
  3. firewall-authentication
2- Configure IPSec Phase 1
  1. ike proposal
  2. ike policy < mode, proposal-set, pre-shared-key >
  3. ike gateway < ike policy, dyn hostname, dyn ike-user-type, xauth profile >
3- Configure IPSec Phase 2
  1. ipsec proposal
  2. ipsec policy < proposal-set >
  3. ipsec vpn < ike gateway, ipsec-policy >
4- Configure Dynamic VPN Parameters
  1. dynamic-vpn < access-profile, clients all remote-protected-resources/servers, remote-exceptions, ipsec-vpn, client user >
5- Configure Security Policy
  1. policies from-zone untrust to-zone trust < match any/any/any, then tunnel ipsec-vpn >
  2. untrust zone host-inbound-traffic < system-services https ? >
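
Steps 1 to 5 above written out as set commands, as an added example rather than configuration from the original page. It reuses myprofile and mypool from the commands earlier on the page and uses the predefined proposal set standard in place of custom proposals; every other name (client1, ike-dyn-pol, dyn-gw, ipsec-dyn-pol, dyn-vpn, dyn-vpn-policy), the interface, the connection limit, the protected subnet and the <placeholders> are assumptions.

```junos
# Added example. myprofile and mypool come from the page; all other names,
# the interface, the limits, the subnets and the <...> values are assumptions.

# 1- Dynamic VPN users and IP address pool
set access profile myprofile client client1 firewall-user password <password>
set access profile myprofile address-assignment pool mypool
set access address-assignment pool mypool family inet network 10.100.100.0/24
set access address-assignment pool mypool family inet xauth-attributes primary-dns 8.8.8.8
set access firewall-authentication web-authentication default-profile myprofile

# 2- IPSec Phase 1
set security ike policy ike-dyn-pol mode aggressive
set security ike policy ike-dyn-pol proposal-set standard
set security ike policy ike-dyn-pol pre-shared-key ascii-text <pre-shared-key>
set security ike gateway dyn-gw ike-policy ike-dyn-pol
set security ike gateway dyn-gw dynamic hostname dynvpn
set security ike gateway dyn-gw dynamic connections-limit 10
set security ike gateway dyn-gw dynamic ike-user-type group-ike-id
set security ike gateway dyn-gw external-interface ge-0/0/0.0
set security ike gateway dyn-gw xauth access-profile myprofile

# 3- IPSec Phase 2
set security ipsec policy ipsec-dyn-pol proposal-set standard
set security ipsec vpn dyn-vpn ike gateway dyn-gw
set security ipsec vpn dyn-vpn ike ipsec-policy ipsec-dyn-pol

# 4- Dynamic VPN parameters
set security dynamic-vpn access-profile myprofile
set security dynamic-vpn clients all remote-protected-resources 10.0.0.0/8
set security dynamic-vpn clients all remote-exceptions 0.0.0.0/0
set security dynamic-vpn clients all ipsec-vpn dyn-vpn
set security dynamic-vpn clients all user client1

# 5- Security policy and untrust zone
set security policies from-zone untrust to-zone trust policy dyn-vpn-policy match source-address any destination-address any application any
set security policies from-zone untrust to-zone trust policy dyn-vpn-policy then permit tunnel ipsec-vpn dyn-vpn
# ike is added here so the zone accepts IKE negotiation; the page lists https
set security zones security-zone untrust host-inbound-traffic system-services ike
set security zones security-zone untrust host-inbound-traffic system-services https
```

The access profile name appears in three places (firewall-authentication, the IKE gateway's xauth statement and dynamic-vpn); when auditing a configuration, check that all three point at the profile that actually holds the client entries and the address pool.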