Overview: Juniper SSL VPN Strategy, Architecture and Introduction

ssl vpn presentation 2


Page 1: ssl vpn presentation 2

Overview: Juniper SSL VPN

Strategy, Architecture and Introduction

Page 2: ssl vpn presentation 2

Technical Overview

Features
– Extranet style web interface access to resources
– Full/split tunnel capabilities with Network Connect
– Mobile ready with Junos Pulse
– No client installation required
– Granular Authentication, Authorization and Auditing capabilities
– Secure Meeting Space

Page 3: ssl vpn presentation 2

Basic Concepts

• The Juniper model for secure remote access is granular, allowing each component to be administered en masse or individually
– Realms -> Users -> Roles -> Resources
– Realms: Groupings of authentication resources (RADIUS, AD, LDAP, Local, etc.)
– Users: User objects (individuals who will be granted access)
– Roles: Ad-hoc groups of users that can contain one or more security groups
– Resources: Specific network resources that roles are enabled to access
  • RDP connections to servers
  • Web pages
  • Network CIDR blocks (e.g., 165.124.188.0/26)
  • File Shares
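The Realms -> Users -> Roles -> Resources chain above, sketched as a default-deny access check. This is an added example, not Juniper configuration or code from the presentation; the class and function names, the group names and the 192.0.2.0/28 block are hypothetical, and only CIDR-type resources are modelled.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    groups: set                                  # security groups mapped into this role
    cidrs: list = field(default_factory=list)    # network resources the role may reach

@dataclass
class Realm:
    name: str
    auth_server: str                             # e.g. "AD", "RADIUS", "LDAP", "Local"
    roles: list = field(default_factory=list)

def roles_for(realm, user_groups):
    """Map a user authenticated in this realm to roles via group membership."""
    return [r for r in realm.roles if r.groups & set(user_groups)]

def authorize(realm, user, user_groups, dest_ip):
    """Default deny: allow only when a mapped role lists a CIDR containing dest_ip.
    Returns a decision record suitable for an audit log."""
    ip = ipaddress.ip_address(dest_ip)
    mapped = roles_for(realm, user_groups)
    granting = next((r.name for r in mapped
                     for c in r.cidrs if ip in ipaddress.ip_network(c)), None)
    return {"realm": realm.name, "user": user, "dest": dest_ip,
            "roles": [r.name for r in mapped],
            "granted_by": granting, "allowed": granting is not None}

# Constructed sample policy; only the /26 block comes from the slide.
STAFF = Realm("staff", "AD", [
    Role("server-admins", {"it-ops"}, ["165.124.188.0/26"]),
    Role("helpdesk", {"support"}, ["192.0.2.0/28"]),
])

if __name__ == "__main__":
    for groups, dest in [(["it-ops"], "165.124.188.10"),
                         (["support"], "165.124.188.10"),
                         (["it-ops"], "165.124.188.64")]:
        print(authorize(STAFF, "alice", groups, dest))
```

The third case is denied because a /26 covers only .0 through .63, which is the kind of boundary worth testing whenever a resource is defined as a CIDR block.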

Page 4: ssl vpn presentation 2

Basic Concepts, Cont’d

Page 5: ssl vpn presentation 2

IPsec VPN v. SSL VPN: What’s the difference?

IPsec
• Designed for site-to-site encryption over insecure networks
• Encapsulates packets at the network layer
• Operates in two modes
– Transport Mode: Packet payload is encrypted at sender and decrypted at receiver
– Tunnel Mode: Sessions are built and torn down between endpoints (sites and user)


Page 6: ssl vpn presentation 2

IPsec Modes

Page 7: ssl vpn presentation 2

IPsec continued

Page 8: ssl vpn presentation 2

SSL VPN

• Designed specifically for individual remote access to resources
• Allows for granular access to resources
• Requires no software installation or configuration
• Allows for users to have a seamless experience - no more connections and disconnections

Page 9: ssl vpn presentation 2

SSL Crypto Negotiation

Page 10: ssl vpn presentation 2

SSL VPN Cont’d