Juniper SA Overview
Uploaded by daniel-rohan
Overview: Juniper SSL VPN
Strategy, Architecture and Introduction
Technical Overview
Features
– Extranet style web interface access to resources
– Full/split tunnel capabilities with Network Connect
– Mobile ready with Junos Pulse
– No client installation required
– Granular Authentication, Authorization and Auditing capabilities
– Secure Meeting Space
Basic Concepts
• The Juniper model for secure remote access is granular, allowing each component to be administered en masse or individually
– Realms -> Users -> Roles -> Resources
– Realms: Groupings of authentication resources (RADIUS, AD, LDAP, Local, etc.)
– Users: User objects (individuals who will be granted access)
– Roles: Ad-hoc groups of users that can contain one or more security groups
– Resources: Specific network resources that roles are enabled to access
  • RDP connections to servers
  • Web pages
  • Network CIDR blocks (e.g., 165.124.188.0/26)
  • File shares
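A simplified model of the Realms -> Users -> Roles -> Resources chain above, as an added example that is not Juniper's code or part of the original slides. The class names, the default-deny evaluation, and the sample users, groups and hosts are assumptions constructed for illustration; only the CIDR block comes from the slide.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    kind: str    # "cidr", "web", "rdp" or "share"
    target: str  # CIDR block, URL, host name or share path

    def matches(self, kind: str, target: str) -> bool:
        if kind != self.kind:
            return False
        if kind == "cidr":
            try:
                addr = ipaddress.ip_address(target)
            except ValueError:
                return False  # a malformed address never matches
            return addr in ipaddress.ip_network(self.target)
        return target.lower() == self.target.lower()  # exact match otherwise

@dataclass
class Role:
    name: str
    security_groups: set  # groups whose members receive this role
    resources: list       # Resource objects the role may reach

@dataclass
class Realm:
    name: str
    auth_server: str  # "AD", "LDAP", "RADIUS", "Local", ...
    users: dict       # username -> security groups reported by auth_server
    roles: list

def roles_for(realm: Realm, username: str) -> list:
    groups = realm.users.get(username)
    if groups is None:  # user unknown to this realm: no roles at all
        return []
    return [r for r in realm.roles if r.security_groups & groups]

def is_allowed(realm: Realm, username: str, kind: str, target: str) -> bool:
    # Default deny: access needs a role that lists a matching resource.
    return any(res.matches(kind, target)
               for role in roles_for(realm, username)
               for res in role.resources)

# Constructed sample data (hypothetical users, groups and hosts).
ADMIN = Role("net-admin", {"it-staff"}, [Resource("cidr", "165.124.188.0/26"),
                                         Resource("rdp", "srv01.example.edu")])
GUEST = Role("contractor", {"vendors"},
             [Resource("web", "https://intranet.example.edu/")])
STAFF = Realm("staff", "AD", {"alice": {"it-staff"}, "bob": {"vendors"}},
              [ADMIN, GUEST])
```

Because a /26 covers only 64 addresses, `165.124.188.64` falls outside the block and is denied even for a user holding the role.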
Basic Concepts, Cont’d
IPsec VPN v. SSL VPN: What’s the difference?
IPsec
• Designed for site-to-site encryption over insecure networks
• Encapsulates packets at the network layer
• Operates in two modes
– Transport Mode: Packet payload is encrypted at sender and decrypted at receiver
– Tunnel Mode: Sessions are built and torn down between endpoints (sites and user)
IPsec Modes
IPsec continued
SSL VPN
• Designed specifically for individual remote access to resources
• Allows for granular access to resources
• Requires no software installation or configuration
• Allows for users to have a seamless experience - no more connections and disconnections
SSL Crypto Negotiation
SSL VPN Cont’d