We're doing a migration here...going away from ipsec Nortel Contivity and migrating all remote vpn users to the Juniper MAG 6600 series gateways ssl vpn with clustering, via rsa securid authentication (ras tokens). I also have to set up mobile connectivity, I believe via Juniper Pulse. I was wondering if there's a guide, resourse, or even multiple resorses and docs which can help in order to build a plan on how/what to extract from the Nortels and the same for the MAGs. Trying to familiraize myself with the procedures involved to do this seamless and efficient, from start to end.
Thank you all
Version 8 is out but I have not seen the admin guide yet. Be sure to use resource profiles.
here it is, just found it
You will do best to follow a checklist.
decide teh type of remote users you have and exactly what resources they need to efectively get their job done. There are a few basic types of resource access
Core- web-based resources
Start off with core. If you have remote users with slow internet access, consider getting the Application acceleration module.
It integrates well with Windows AD. If you plan on using RADIUS, try the Microsoft Network Policy Server (NPS) . Be sure to tell how it works.
Thanks a lot for the response.
I still need to review the project. Is there a basic checklist I can build to correlate the two platforms so I can determine exactly what configs and data I need to manually extract from the Contivity and where I can configure the output on to the Juniper MAG devices? I'm trying to build a step by step checklist on the essentials and requirements.
It is tempting to create the roles and then the policies, but if you create the rles, then use resource policies it is more likely to lead to missing smething. Use resource profiles and all the configurations pages are linked s you don't have to go find them individualy. With one or two exceptions.
Basically, you need all your users(names/groups- works with AD groups) the resources you are allowing them to access and how you allow that access. Do I eed to give them full network access or just enough to get the job done?
Roles - Sales, Employees, Guests, Accounting, etc
Authentication Server Define different Authetication servers - AD, Local (on the MAG system), RADIUS, 2FA,(Numerous options)
Authentication Realm - Users realm
Role Mapping Rules and Restrictions -Map users by name, group (lots of otions)
Sign-In Policy - Determine Users authentication realm, sign-in page etc
Resource Policies - This is your ACL to specific resources. For example, you allow web access this allow/deny/detailed rules.
You can download and test the DTE. Has practicaly all the features of the MAG (with a few minor restrictions)
If you are touching the MAG for the first time, I suggest taking the JPSA course first. The thing ca be overwhelming.
Thank you for the response, very helpful.
I was thinking about doing the course, but really can't afford the 2k right now and I don't see any online courses.
I found this guide, seems pretty thorough..a lot to read and digest but this should familriaze myself with the platform .What are your thoughts?
The guide is comprehensive and will work well. You should be logged in to the MAG so you can actually be making the configurations as you learn them. There are online courses available. google "after dark JPSA courses"
I understand the cost constraints.