Friday, February 27, 2009

Juniper Client VPN Example

set user john.doe ike-id u-fqdn john@abc123.net share-limit 1
set user john.doe type auth ike xauth
set user john.doe password j0hnch33s3
set user-group remote_users user john.doe
set ike gateway gw-remote dialup remote_users aggressive outgoing-interface untrust preshare 2pffSTR61 proposal pre-g2-3des-sha
set ike gateway gw-remote xauth
set ike gateway gw-remote nat-traversal
set vpn vpn-remote gateway gw-remote proposal nopfs-esp-3des-sha
set vpn vpn-remote monitor
set ippool "Dial-Up VPN" 10.0.0.1 10.0.0.250
set policy top from untrust to trust "Dial-Up VPN" Win195V_192.168.98.64 any tunnel vpn vpn-remote log
set policy top from untrust to trust "Dial-Up VPN" Win1952V_192.168.98.60 any tunnel vpn vpn-remote log
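As an added example (not part of the original post), a small Python audit script that parses ScreenOS `set` statements of the form shown above and cross-checks the references between the user, user-group, ike gateway, vpn and policy objects. It flags a user-group member that was never defined, a dialup gateway that runs aggressive mode with a preshared key but no XAuth, a vpn whose gateway does not exist, and a tunnel policy that references an undefined vpn or has no `log`. The sample input is the post's own configuration with the ippool name quoted; the check names and messages are the script's own.

```python
import shlex

# Constructed input: the post's ScreenOS statements, ippool name quoted like the policy lines.
POST_CONFIG = """\
set user john.doe ike-id u-fqdn john@abc123.net share-limit 1
set user john.doe type auth ike xauth
set user john.doe password j0hnch33s3
set user-group remote_users user john.doe
set ike gateway gw-remote dialup remote_users aggressive outgoing-interface untrust preshare 2pffSTR61 proposal pre-g2-3des-sha
set ike gateway gw-remote xauth
set ike gateway gw-remote nat-traversal
set vpn vpn-remote gateway gw-remote proposal nopfs-esp-3des-sha
set vpn vpn-remote monitor
set ippool "Dial-Up VPN" 10.0.0.1 10.0.0.250
set policy top from untrust to trust "Dial-Up VPN" Win195V_192.168.98.64 any tunnel vpn vpn-remote log
"""

def parse(text):
    # shell-style split keeps quoted names such as "Dial-Up VPN" as one token
    return [shlex.split(ln) for ln in text.splitlines() if ln.startswith("set ")]

def audit(stmts):
    # record what each statement defines or references (t[t.index(k) + 1] is the token after keyword k), then cross-check
    users, groups, gws, vpns, policies, f = set(), {}, {}, {}, [], []
    for t in stmts:
        if t[1] == "user":
            users.add(t[2])
        elif t[1] == "user-group" and "user" in t:
            groups.setdefault(t[2], set()).add(t[t.index("user") + 1])
        elif t[1:3] == ["ike", "gateway"]:
            gw = gws.setdefault(t[3], {"xauth": False})
            if "dialup" in t:
                gw.update(group=t[t.index("dialup") + 1], psk="preshare" in t, aggr="aggressive" in t)
            gw["xauth"] |= "xauth" in t
        elif t[1] == "vpn" and "gateway" in t:
            vpns[t[2]] = t[t.index("gateway") + 1]
        elif t[1] == "policy" and "tunnel" in t:
            policies.append((t[t.index("vpn") + 1], "log" in t))
    for g, members in groups.items():
        f += [f"user-group {g}: unknown user {u}" for u in sorted(members - users)]
    for name, gw in gws.items():
        if "group" in gw and gw["group"] not in groups:
            f.append(f"ike gateway {name}: dialup group {gw['group']} not defined")
        if gw.get("aggr") and gw.get("psk") and not gw["xauth"]:
            f.append(f"ike gateway {name}: aggressive-mode PSK without xauth")
    f += [f"vpn {v}: gateway {g} not defined" for v, g in vpns.items() if g not in gws]
    for vpn, logged in policies:
        if vpn not in vpns: f.append(f"policy: tunnel vpn {vpn} not defined")
        if not logged: f.append(f"policy: tunnel vpn {vpn} has no log")
    return f
```

Run `audit(parse(POST_CONFIG))` to get the list of findings; an empty list means every reference resolves and the gateway and policy checks pass.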

4 comments:

  1. Shouldn't the last line be "trust to untrust" to make the policy based VPN bi-directional?

    Great post though. Very useful!

    Erik Witkop
    http://newenglandnetworkconsulting.com/

  2. Client VPNs are typically inbound from the address pool to internal resources. In the rare event that this connection initiates from an internal resource outbound to an already established client, then an outbound rule would be needed.

  3. I also just realized that I omitted the step to create the address pool. I will update this shortly.
