Virtual Private Networking Using IPSec Connections
166
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
In addition, a certification authority (CA) can also be used to perform authentication (see
Manage Digital Certificates on page 234). To use a CA, each VPN gateway needs to have a
certificate from the CA. For each certificate, there is both a public key and a private key. The
public key is freely distributed, and is used by any sender to encrypt data intended for the
receiver (the key owner). The receiver then uses its private key to decrypt the data (without
the private key, decryption is impossible). The use of certificates for authentication reduces
the amount of data entry that is required on each VPN endpoint.
VPN Policies Screen
The VPN Policies screen allows you to add policies, either Auto or Manual, and to manage the
VPN policies already created. You can edit policies, enable or disable policies, or delete them
entirely. These are the rules for VPN policy use:
• Traffic covered by a policy is automatically sent via a VPN tunnel.
• When traffic is covered by two or more policies, the first matching policy is used. (In this
  situation, the order of the policies is important. However, if you have only one policy for
  each remote VPN endpoint, then the policy order is not important.)
• The VPN tunnel is created according to the settings in the security association (SA).
• The remote VPN endpoint needs to have a matching SA; otherwise, it refuses the
  connection.
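The following added example (not NETGEAR code, and not how the SRX5308 implements policy lookup internally) models the rules above so the effect of policy order can be seen: traffic selectors are checked in list order, the first enabled match wins, the chosen policy's SA has to equal what the remote endpoint is configured with or the tunnel is refused, and a helper flags policies that an earlier, broader policy shadows completely. Policy names, subnets and SA parameter sets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SecurityAssociation:
    """Parameters both gateways have to agree on; a mismatch ends negotiation."""
    encryption: str
    integrity: str
    dh_group: int


@dataclass(frozen=True)
class VpnPolicy:
    name: str
    local_net: str    # traffic selector, local side (CIDR)
    remote_net: str   # traffic selector, remote side (CIDR)
    enabled: bool
    sa: SecurityAssociation


def policy_matches(policy: VpnPolicy, src: str, dst: str) -> bool:
    """A disabled policy never matches; an enabled one matches when the packet's
    source falls in local_net and its destination falls in remote_net."""
    if not policy.enabled:
        return False
    return (ipaddress.ip_address(src) in ipaddress.ip_network(policy.local_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(policy.remote_net))


def select_policy(policies: List[VpnPolicy], src: str, dst: str) -> Optional[VpnPolicy]:
    """First matching policy in list order wins, so order decides overlaps."""
    for policy in policies:
        if policy_matches(policy, src, dst):
            return policy
    return None


def tunnel_decision(policies: List[VpnPolicy], src: str, dst: str,
                    remote_sas: Dict[str, SecurityAssociation]) -> Tuple[Optional[str], str]:
    """Return (policy name, outcome). remote_sas maps a policy name to the SA the
    remote endpoint is configured with for that policy (constructed lookup)."""
    policy = select_policy(policies, src, dst)
    if policy is None:
        return (None, "not tunnelled")           # no policy covers this traffic
    if remote_sas.get(policy.name) != policy.sa:
        return (policy.name, "refused: SA mismatch")
    return (policy.name, "tunnelled")


def shadowed_policies(policies: List[VpnPolicy]) -> List[str]:
    """Policies whose selectors lie entirely inside an earlier enabled policy's
    selectors can never be chosen; flag them so the order can be corrected."""
    shadowed = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (earlier.enabled
                    and ipaddress.ip_network(later.local_net).subnet_of(
                        ipaddress.ip_network(earlier.local_net))
                    and ipaddress.ip_network(later.remote_net).subnet_of(
                        ipaddress.ip_network(earlier.remote_net))):
                shadowed.append(later.name)
                break
    return shadowed


# Constructed SAs: one current, one a weaker legacy set kept for an old peer.
STRONG = SecurityAssociation("AES-256", "SHA-256", 14)
LEGACY = SecurityAssociation("3DES", "SHA-1", 2)

# Constructed policies (hypothetical names and subnets). branch-servers is a
# narrower selector inside branch-all's remote range.
BRANCH_SERVERS = VpnPolicy("branch-servers", "192.168.1.0/24", "10.20.0.0/24", True, STRONG)
BRANCH_ALL = VpnPolicy("branch-all", "192.168.1.0/24", "10.20.0.0/16", True, LEGACY)

POLICIES_SPECIFIC_FIRST = [BRANCH_SERVERS, BRANCH_ALL]
POLICIES_BROAD_FIRST = [BRANCH_ALL, BRANCH_SERVERS]

# What the remote gateway is configured with (constructed).
REMOTE_SAS = {"branch-servers": STRONG, "branch-all": LEGACY}


if __name__ == "__main__":
    for order_name, order in (("specific first", POLICIES_SPECIFIC_FIRST),
                              ("broad first", POLICIES_BROAD_FIRST)):
        print(order_name, tunnel_decision(order, "192.168.1.10", "10.20.0.5", REMOTE_SAS),
              "shadowed:", shadowed_policies(order))
```

With the broad policy listed first, traffic to 10.20.0.5 is carried over the legacy SA even though a stronger, more specific policy exists; `shadowed_policies` reports that ordering mistake before any traffic flows.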
To access the VPN Policies screen:
Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays. (The following
figure shows some examples.)
Figure 106.