Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

VPN Profiles Overview

You can use a VPN Profile Wizard to create an object that specifies the VPN proposals, mode of the VPN, and other parameters used in a route-based IPsec VPN. You can also configure the Phase 1 and Phase 2 settings in a VPN profile.

When a VPN profile is created, Juniper Security Director Cloud creates an object in the database to represent the VPN profile. You can use this object to create route-based IPsec VPN.

Note:

You cannot modify or delete Juniper Networks defined VPN profiles. You can only clone the profiles and create new profiles.

SRX Series Firewalls support preshared key and PKI certificate-based authentication methods in IKE negotiation for IPsec VPNs. The RSA certificate and DSA certificate-based authentication are supported for IKE negotiation. The predefined VPN profile is available with both RSA and DSA certificates-based authentication. The PKI certificate list from the device is automatically retrieved during the device discovery and update-based syslog notifications.

Use the VPN profiles main page to get an overall, high-level view of your VPN settings. You can filter and sort this information to get a better understanding of what you want to configure.

Field Descriptions - VPN Profiles Page

Table 1: Fields on the VPN Profiles Page

Field

Description

Name

The name of the VPN profile.

Description

The description of the VPN profile.

Type

A VPN profile type can be predefined or custom.

Juniper Security Director Cloud comes with predefined proposal sets for both Phase 1 and Phase 2 IKE negotiations. You can use these predefined sets or create your own.

Mode

The Phase1 IKE negotiation mode (main or aggressive) is used to determine the type and number of message exchanges that occur in a phase.

Only one mode is used for negotiation, and the same mode must be configured on both sides of the tunnel.

VPN Topology

The types of deployment topologies for IPsec VPN, such as site-to-site, hub-and-spoke, and remote access VPNs.

IPsec VPNs

The IPsec VPNs involved in the VPN profile.

Created By

The user who created the VPN profile.

Related Documentation