ssl vpn presentation 2

Overview: Juniper SSL VPN

Strategy, Architecture and Introduction

Technical Overview

Features
– Extranet style web interface access to resources
– Full/split tunnel capabilities with Network Connect
– Mobile ready with Junos Pulse
– No client installation required
– Granular Authentication, Authorization and Auditing capabilities
– Secure Meeting Space

Basic Concepts

• Juniper model for secure remote access is granular, allowing each component to be administered en masse or individually
– Realms -> Users -> Roles -> Resources
– Realms: Groupings of authentication resources (RADIUS, AD, LDAP, Local, etc.)
– Users: User objects (individuals who will be granted access)
– Roles: Ad-hoc groups of users that can contain one or more security groups
– Resources: Specific network resources that roles are enabled to access
  • RDP connections to servers
  • Web pages
  • Network CIDR blocks (e.g., 165.124.188.0/26)
  • File Shares
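
The Realms -> Users -> Roles -> Resources chain above, sketched as a default-deny access check. This is an added illustration, not Juniper configuration or code from the presentation: the realm, user, group, role and host names are hypothetical, only the CIDR block comes from the slide, and the default-deny behaviour is an assumption of this sketch.

```python
import ipaddress

# Constructed sample policy; every name below is hypothetical.
REALMS = {
    "staff": {"auth": "AD", "users": {"alice": ["it-admins"], "bob": ["finance"]}},
    "vendors": {"auth": "RADIUS", "users": {"carol": ["contractors"]}},
}
# Role -> security groups it contains (a role may hold several groups).
ROLES = {
    "server-admin": {"it-admins"},
    "office-user": {"it-admins", "finance"},
    "vendor-web": {"contractors"},
}
# Role -> resources it may reach, as (kind, target) pairs.
RESOURCES = {
    "server-admin": [("rdp", "165.124.188.0/26")],  # CIDR block from the slide
    "office-user": [("web", "intranet.example.org"), ("file", r"\\files\shared")],
    "vendor-web": [("web", "portal.example.org")],
}


def roles_for(realm, user):
    """Map a user of a realm to roles through security-group membership."""
    groups = set(REALMS.get(realm, {}).get("users", {}).get(user, []))
    return sorted(r for r, members in ROLES.items() if groups & members)


def _matches(kind, target, want_kind, want_target):
    if kind != want_kind:
        return False
    if kind == "rdp":  # network resources match by CIDR containment
        try:
            return ipaddress.ip_address(want_target) in ipaddress.ip_network(target)
        except ValueError:
            return False  # not an IP literal: never matches a CIDR rule
    return target.lower() == want_target.lower()


def is_allowed(realm, user, kind, target):
    """Default deny: some role of the user must list the requested resource."""
    return any(
        _matches(k, t, kind, target)
        for role in roles_for(realm, user)
        for k, t in RESOURCES.get(role, [])
    )
```

A user known only to one realm gets no roles when presented through another, so the same account name cannot pick up resources across realms.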

Basic Concepts, Cont’d

IPsec VPN v. SSL VPN: What’s the difference?

IPsec
• Designed for site-to-site encryption over insecure networks
• Encapsulates packets at the network layer
• Operates in two modes
– Transport Mode: Packet payload is encrypted at sender and decrypted at receiver
– Tunnel Mode: Sessions are built and torn down between endpoints (sites and user)

IPsec Modes

IPsec continued

SSL VPN

• Designed specifically for individual remote access to resources
• Allows for granular access to resources
• Requires no software installation or configuration
• Allows for users to have a seamless experience - no more connections and disconnections

SSL Crypto Negotiation

SSL VPN Cont’d
