
NETGEAR SRX5308 - Page 168

Virtual Private Networking Using IPSec Connections
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
In addition, a certification authority (CA) can also be used to perform authentication (see
Manage Digital Certificates on page 236). To use a CA, each VPN gateway needs to have a
certificate from the CA. For each certificate, there is both a public key and a private key. The
public key is freely distributed, and is used by any sender to encrypt data intended for the
receiver (the key owner). The receiver then uses its private key to decrypt the data (without
the private key, decryption is impossible). The use of certificates for authentication reduces
the amount of data entry that is required on each VPN endpoint.
VPN Policies Screen
The VPN Policies screen allows you to add additional policies—either Auto or Manual—and
to manage the VPN policies already created. You can edit policies, enable or disable policies,
or delete them entirely. These are the rules for VPN policy use:
• Traffic covered by a policy is automatically sent through a VPN tunnel.
• When traffic is covered by two or more policies, the first matching policy is used. (In this
  situation, the order of the policies is important. However, if you have only one policy for
  each remote VPN endpoint, then the policy order is not important.)
• The VPN tunnel is created according to the settings in the security association (SA).
  The remote VPN endpoint needs to have a matching SA, otherwise it refuses the
  connection.
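The first-match rule above means a broad policy placed early can silently capture traffic that a later, more specific policy was meant to carry under different SA settings. The following added example (not from the NETGEAR manual or firmware) models that rule and flags policies that can never be selected; the `VpnPolicy` fields, function names, and the policy table are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VpnPolicy:              # hypothetical model of one row in the policy table
    name: str
    local: str                # local traffic selector (CIDR)
    remote: str               # remote traffic selector (CIDR)
    enabled: bool = True

    def covers(self, src: str, dst: str) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.local)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.remote))

def select_policy(policies, src, dst):
    """Return the first enabled policy, in list order, that covers the traffic."""
    for p in policies:
        if p.enabled and p.covers(src, dst):
            return p
    return None

def shadowed_policies(policies):
    """Return (shadowed, shadowing) name pairs: a later policy whose selectors
    lie entirely inside an earlier enabled policy can never be selected."""
    pairs = []
    active = [p for p in policies if p.enabled]
    for i, later in enumerate(active):
        l_loc = ipaddress.ip_network(later.local)
        l_rem = ipaddress.ip_network(later.remote)
        for earlier in active[:i]:
            if (l_loc.subnet_of(ipaddress.ip_network(earlier.local))
                    and l_rem.subnet_of(ipaddress.ip_network(earlier.remote))):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample policy table, in the order it would be listed.
POLICIES = [
    VpnPolicy("branch-all", "192.168.1.0/24", "10.0.0.0/8"),
    VpnPolicy("branch-finance", "192.168.1.0/24", "10.20.30.0/24"),
    VpnPolicy("partner", "192.168.1.0/24", "172.16.5.0/24"),
]

if __name__ == "__main__":
    hit = select_policy(POLICIES, "192.168.1.50", "10.20.30.7")
    print("selected:", hit.name)
    for shadowed, by in shadowed_policies(POLICIES):
        print(f"{shadowed} is never used: shadowed by {by}")
```

Moving the more specific policy above the broader one removes the shadowing, which is the ordering concern the rule describes.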
To access the VPN Policies screen:
Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays. (The following
figure shows some examples.)
Figure 106.
