Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ssl vpn setup

after1_
Contributor
‎12-11-2011 12:41:AM
‎12-11-2011 12:41:AM

ssl vpn setup

Hi all,

I have 2 SA and I would like to set them up in Active/passive clustering mode, both internal and external interfaces traffic will be point toward the firewall ( we have only 1 FW). I also have 2 user groups, Finance and Accounting.

Looking at the active/.passive topology map on this page http://www.juniper.net/techpubs/software/ive/guides/howtos/How_To_IVE_Cluster.pdf , it seems like I need to create 4 vlan/subnets?:

vlan1, subnet 1: external interfaces and external cluster vip - using public IPs

vlan 2, subnet 2: internal iinterfaces and intrernal cluster vip - using private IPs

vlan 3, subnet 3: Accounting user group (where do I create the Ip address pool for this group? on external DHCP server ort can it be done on the SA?

vlan 4, subnet 4: Finance user group (same question as above, where do I create the Ip address pool for this group? on external DHCP server ort can it be done on the SA?ance four yur time.

Im stuck at this point and cant proceed before i have a clear picture of the topology map.

Any input is greatly appreciated, Cheers

0 Kudos
3 REPLIES 3
NULL_
Contributor
‎12-11-2011 04:04:AM
‎12-11-2011 04:04:AM

Re: ssl vpn setup

Hi after1,

didn't get it if you're reffering t oa Layer3 VPN Deployment or some other functionality.

If it's Layer3 VPN

  • Yes you can have a Local DHCP pool on SA (Pulse / NetworkConnect)

General:

Don't forget to secure your administrativ access

  • Strong-Authentication (Two-Factor Auth)
  • If no Strong-Authentication is available use Long Passwords (with different Characters and Signs)
  • Limit the IP Space which can access the Administrative Path

regards

NULL

0 Kudos
after1_
Contributor
‎12-11-2011 03:18:PM
‎12-11-2011 03:18:PM

Re: ssl vpn setup

Hi NULL,

I'm not using layer 3 vpn. Is it best practice to use local dhcp on the SA and says I have 2 groups of users, is that means I need to create 2 dynamic dhcp pool?

How does SA allocating IP addresses when user login?

Not many docks avail on VPN physical setup
0 Kudos
kenlars_
Super Contributor
‎12-11-2011 07:44:PM
‎12-11-2011 07:44:PM

Re: ssl vpn setup

Dear after1 -

If you are not using layer 3 VPN (Network Connect), your 3rd and 4th address ranges are not required, as all traffic for the user (WSAM, TS, web rewriting, etc.) will be sourced from the internal address of the SA.

If you are using Network Connect, you can assign the 3rd and 4th ranges from a DHCP server, or from a range configured on the SA. You want to look under Network Policies >> Network Connect >> NC Connection Profiles. A NC connection profile is also used to set DNS and proxy information for the role. These can be in the same subnet as the internal interface of the SA. If they are not, you will need to create static route entries in the default gateway router for the SA to route these subnets to the internal interface of the SA.

Hope this is helpful.

Ken

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.