

Configuring VPNs for Enterprise Manager Portal

You can use the SRC software to allow IT managers to manage layer 3 VPNs on JUNOS routing platforms. This type of VPN supports membership based on filter-based forwarding policies.

You can configure Enterprise Manager Portal to display VPN features. IT managers can modify VPNs and send traffic associated with BoD subscriptions to specific VPNs. In addition, if you configure Enterprise Manager Portal to display extranet features, IT managers with privileges to configure VPNs can create extranets for other enterprises and retailers by exporting those VPNs. Enterprises and retailers who share VPNs that other subscribers own are called extranet clients.

To provide VPN services from Enterprise Manager Portal, you create corresponding VPN versions of the BoD services and their associated policies.

Before You Configure VPN Policies and Services

When you configure the SRC software to manage VPNs, you must perform the following tasks in addition to those listed in Before You Configure Services for Enterprise Manager Portal:

  1. Configure the VPNs on the JUNOS routing platform (see JUNOS VPNs Configuration Guide).

     All routing instances that implement a specific VPN must have the same name.

  2. Add the VPNs to the directory (see Chapter 24, Adding VPNs from JUNOS Routing Platforms).

     The identifier for a VPN in the directory must match the name of the routing instance configured on the JUNOS routing platform (see Step 1).

  3. If you want to send traffic associated with BoD services to specific VPNs, configure policies and services for BoD traffic destined for VPNs (see Configuring Policies for BoD Traffic Destined for VPNs and Configuring Services for BoD Traffic Destined for VPNs).
  4. Implement an addressing scheme for VPNs that allows extranet clients to access the VPNs (see Implementing a Routing Scheme for VPNs).

Configuring Policies for BoD Traffic Destined for VPNs

You can manage policies from Policy Editor. For information about creating policies in Policy Editor, see SRC-PE Services and Policies Guide, Chapter 11, Configuring and Managing Policies with the SRC CLI or SRC-PE Services and Policies Guide, Chapter 7, Using Policy Editor.

To configure a policy for a BoD service associated with a VPN (a VPN policy):

  1. Copy the policy for the BoD service in the directory.
  2. Rename the policy you copied to a similar name that indicates this policy is the VPN version; for example, you can use <bodPolicy>Vpn, where <bodPolicy> is the name of the BoD policy.

     For example, if the name of the original policy is bod, rename the policy you copied to bodVpn.

  3. Add a new local parameter (the name is arbitrary, for example vpnName) of type Routing Instance to the VPN policy.
  4. Add a new action of type RoutingInstanceAction to the input policy rule, and specify a Routing Instance of vpnName for this action.
  5. Save the VPN policy.

For a sample VPN policy, see policyGroupName=bodVpn, ou=entjunos, o=Policies, o=umc in the sample data. In the sample BoD policies, substitutions in services rename policy parameters to names required by Enterprise Manager Portal.

Configuring Services for BoD Traffic Destined for VPNs

You can manage services from SDX Admin. For information about creating services in SDX Admin, see SRC-PE Services and Policies Guide, Chapter 22, Reviewing and Configuring Policies and Services for Enterprise Manager Portal.

To configure a BoD service that will be associated with a VPN (a VPN service):

  1. Copy the BoD service in the directory.
  2. Rename the service you copied to <bodService>_VPN, where <bodService> is the name of the original BoD service.

     For example, if the original BoD service is named Gold, rename the service you copied to Gold_VPN.

  3. Add to the VPN service a parameter with a name that matches the parameter of type Routing Instance that you defined in the policy (see Step 3 of Configuring Policies for BoD Traffic Destined for VPNs).

     !vpnName=bodVpnName

  4. Modify the VPN service to use the corresponding VPN policy that you created.
  5. Save the service.

For a sample VPN service, see serviceName=Gold_VPN, l=entJunos, o=Scopes, o=umc in the sample data.
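
The name-matching rules in the prerequisites and in the two procedures above (the directory VPN identifier equals the routing instance name, and the VPN service carries a parameter named after the policy's Routing Instance parameter) can be checked before deployment. The following Python check is an added example, not part of the SRC software or its sample data. The input structures are a hypothetical export, the Silver_VPN service and its rate parameter are constructed, and treating the leading "!" as a prefix rather than part of the parameter name is an assumption.

```python
def param_name(entry):
    # "!vpnName=bodVpnName" -> "vpnName". Assumption: "!" is a prefix, not part of the name.
    return entry.split("=", 1)[0].lstrip("!").strip()


def check_vpn_config(routing_instances, directory_vpns, policies, services):
    """Return a list of findings; an empty list means the names are consistent.

    routing_instances: set of routing instance names configured on the routers
    directory_vpns:    set of VPN identifiers in the directory
    policies:          {policy name: set of local parameters of type Routing Instance}
    services:          {service name: {"policy": name, "params": ["name=value", ...]}}
    """
    findings = []
    lowered = {name.lower(): name for name in routing_instances}
    # The directory identifier must match the routing instance name exactly.
    for vpn in sorted(directory_vpns):
        if vpn in routing_instances:
            continue
        near = lowered.get(vpn.lower())
        hint = f" (close match: '{near}')" if near else ""
        findings.append(f"directory VPN '{vpn}' matches no routing instance{hint}")
    # Each <bodService>_VPN service needs the policy's Routing Instance parameter.
    for name, svc in sorted(services.items()):
        if not name.endswith("_VPN"):
            continue
        ri_params = policies.get(svc["policy"])
        if ri_params is None:
            findings.append(f"service '{name}' uses unknown policy '{svc['policy']}'")
            continue
        if not ri_params:
            findings.append(f"policy '{svc['policy']}' has no Routing Instance parameter")
        have = {param_name(p) for p in svc["params"]}
        for missing in sorted(ri_params - have):
            findings.append(f"service '{name}' lacks parameter '{missing}' "
                            f"required by policy '{svc['policy']}'")
    return findings


# Constructed sample data; only bod, bodVpn, Gold, Gold_VPN and vpnName come from the page.
ROUTING_INSTANCES = {"finance", "engineering"}
DIRECTORY_VPNS = {"finance", "Engineering"}
POLICIES = {"bod": set(), "bodVpn": {"vpnName"}}
SERVICES = {
    "Gold": {"policy": "bod", "params": []},
    "Gold_VPN": {"policy": "bodVpn", "params": ["!vpnName=bodVpnName"]},
    "Silver_VPN": {"policy": "bodVpn", "params": ["rate=2m"]},
}

if __name__ == "__main__":
    for finding in check_vpn_config(ROUTING_INSTANCES, DIRECTORY_VPNS, POLICIES, SERVICES):
        print(finding)
```

With the constructed data, the check reports the case mismatch between the directory identifier and the routing instance, and the VPN service that was copied without the routing instance parameter.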

