This two-day, intermediate-level AJVI course focuses on the wide range of designs and configuration options available when configuring VPNs on Juniper ScreenOS-based firewall/VPN devices. Upon completion of the course, students will understand when and how to configure each VPN scenario.

Students attending the course will learn these various deployments through detailed lectures and hands-on lab exercises.

Audience: Network engineers, technical support personnel, reseller support engineers, and others responsible for implementing and/or maintaining the Juniper Networks products covered in this course.
Course Objectives:
  • VPN concepts
  • IPsec VPN operations
  • Basic VPN configuration
  • Hub-and-spoke VPN theory and configuration
  • ScreenOS-specific features (NHTB)
  • Using certificates
  • PKI theory
  • Certificate implementation
  • SCEP and OCSP
  • Dynamic peer VPN implementation
  • Transparent mode VPN implementation
  • VPNs with overlapping addresses
  • VPN redundancy
  • Dial-up VPN options
  • Group IKE ID
  • XAUTH
  • Shared IKE ID
Course Outline:
  • Course Introduction
  • ScreenOS VPN Basics Review
    • VPN Review
    • Verifying Operations
    • VPN Monitor
  • VPN Variations
    • Dynamic Peers
    • Transparent Mode
    • Overlapping Addresses
  • Hub-and-Spoke VPNs
    • Concepts
    • Policy-Based Hub-and-Spoke
    • Route-Based Hub-and-Spoke VPNs with No Policy and NHTB
    • Route-Based Hub-and-Spoke VPNs with Policy
    • Centralized Control Hub-and-Spoke VPNs
    • ACVPNs
  • Routing Over VPNs
    • Routing Overview
    • Configuring RIP
    • Configuring OSPF
    • Case Studies
  • Using Certificates
    • Concepts and Terminology
    • Configuring Certificates and Certificate Support
    • Configuring VPNs with Certificates
  • Redundant VPN Gateways (Optional)
    • Redundant VPN Gateways
    • Other Options
  • Generic Routing Encapsulation (Optional)
    • Configuring GRE
  • Dial-Up IPsec VPNs (Optional)
    • Basic Dial-Up Configuration
    • Group IKE ID
    • XAUTH and Shared IKE ID
  • Appendix A: NetScreen-Remote Software (Optional)
    • NS-Remote Overview
    • Basic Dial-Up
    • XAUTH and Shared IKE ID