Tuesday, January 18, 2011

How to quickly and easily set up and maintain VPNs? (Have Juniper SSG-140)

Greetings!

We have an SSG-140 by Juniper (similar to a netscreen 25, just a newer version of ScreenOS and more physical ports).

I find setting up new VPN profiles to be a PITA. I have to follow a bunch of steps, test it out, etc etc.

I find running an SSH server is easier as far as new user setup (e.g. the user accounts are in Active Directory, and there are other easy things about it).

I really prefer the IPSec VPN, and prefer that the netscreen do all this work.

Currently I just have three VPN clients (one using a PC client, and two using dedicated netscreen boxes). I would like to support 3 more dedicated devices and a few more users.

How can I make this easy as pie to administer and manage?

Thanks!

  • We are handling 80+ VPNs (site to site) on an SSG140 using route-based VPNs. We've set up a tunnel interface for each VPN purpose; after that it's mainly a three-step conf.

    • Setting up a routing entry
    • Setting up an AutokeyIKE and Gtw.
    • Modify/add the corresponding filtering rule or policy group object containing your remote Networks.

    Note that this can be achieved with dynamic peer addresses for VPN failover.

    Also, we use dialup policy-based VPNs for the roaming users.

    Hope this helps.

    From Maxwell
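
The three steps in the reply above (route, AutoKey IKE gateway and VPN, address group for the policy) rendered per site from one inventory, as an added example that is not part of the original post or Juniper's own tooling. The site names, `ethernet0/2`, the `Untrust` zone, the `remote-nets` group and `sec-level standard` are assumptions; the command forms follow ScreenOS CLI syntax and should be checked against the running ScreenOS version. Pre-shared keys are emitted as placeholders so the inventory never holds secrets.

```python
import ipaddress

# Constructed sample inventory (hypothetical names, documentation/private addresses).
SITES = [
    {"name": "branch-a", "peer": "192.0.2.10", "tunnel": 1, "nets": ["10.10.1.0/24"]},
    {"name": "branch-b", "peer": "192.0.2.20", "tunnel": 2,
     "nets": ["10.10.2.0/24", "10.10.3.0/24"]},
]

def validate(sites):
    """Reject inventories that would collide or misroute once pushed to the firewall."""
    tunnels, nets = {}, []
    for s in sites:
        ipaddress.ip_address(s["peer"])  # ValueError on a malformed peer address
        if s["tunnel"] in tunnels:
            raise ValueError(f"tunnel.{s['tunnel']} used by {tunnels[s['tunnel']]} and {s['name']}")
        tunnels[s["tunnel"]] = s["name"]
        for n in s["nets"]:
            net = ipaddress.ip_network(n)  # strict: host bits must be zero
            for other, owner in nets:
                if net.overlaps(other):
                    raise ValueError(f"{n} ({s['name']}) overlaps {other} ({owner})")
            nets.append((net, s["name"]))

def render(site, wan_if="ethernet0/2", zone="Untrust", group="remote-nets"):
    """Return the ScreenOS commands for one site: tunnel interface, then the three steps."""
    t, gw, vpn = f"tunnel.{site['tunnel']}", f"gw-{site['name']}", f"vpn-{site['name']}"
    cmds = [f"set interface {t} zone {zone}",
            f"set interface {t} ip unnumbered interface {wan_if}"]
    # Step 1: one routing entry per remote network, pointing at the tunnel interface.
    cmds += [f"set route {n} interface {t}" for n in site["nets"]]
    # Step 2: AutoKey IKE gateway and VPN bound to the tunnel (key is a placeholder).
    cmds += [f'set ike gateway "{gw}" address {site["peer"]} main outgoing-interface '
             f'{wan_if} preshare "<PSK-{site["name"]}>" sec-level standard',
             f'set vpn "{vpn}" gateway "{gw}" sec-level standard',
             f'set vpn "{vpn}" bind interface {t}']
    # Step 3: address objects added to the group the existing policy already references.
    for n in site["nets"]:
        net = ipaddress.ip_network(n)
        obj = f"{site['name']}-{net.network_address}"
        cmds.append(f'set address {zone} "{obj}" {net.network_address} {net.netmask}')
        cmds.append(f'set group address {zone} "{group}" add "{obj}"')
    return cmds

def build(sites):
    validate(sites)
    return [c for s in sites for c in render(s)]

if __name__ == "__main__":
    print("\n".join(build(SITES)))
```

The validation step is what keeps this safe at 80+ tunnels: a reused tunnel number or an overlapping remote network is rejected before any command reaches the device.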
