SRX

Hi

I want different Xauth Profile for user groups like group1 users should get IP from different pool and group2 users from different Pool. So I can put different security policies on the SRX for different Pool. What I understood we can make different Xauth Profile and bind it to their respective IPSEC tunnel But in the Dynamic VPN configuration we can specifiy only one Access Profile?

How can I meet my requirement? If I make only one access profile with xauth then in the dynamic VPN condiguration I can restric the users to protected resources (as per users) BUT user can put manual routes on their PC and since for access profile, on SRX the IPSEC policy would be any any so users can access any thing by putting the manual routes on their machine.

Thanks

please refer to:

1/ http://www.getgreennetworking.com/techpubs/en_US/junos11.1/information-products/topic-collections/security/software-all/security/index.html?topic-44792.html

2/ http://www.getgreennetworking.com/techpubs/en_US/junos11.1/information-products/topic-collections/security/software-all/security/index.html?topic-54650.html

hope this helps.

thanks,

raheel

Hi Raheel

Thanks a lot. Can you please reply to my specific quesiton. I know how to confiugre the Dynamic VPN with Xauth.

Thanks

Regarding restricting users using protected resource configuration, it's something which is hard bound to the client and the client won't send packets even if we manually configure routes on the PC. Only the routes mentioned in the protected resources configuration will be used for sending traffic over the tunnel.

Regarding the scenario of using multiple xauth and binding to respective tunnels will get back to you shortly.

Thanks dear. Appreciated you reply. I am waiting for your response.

thanks

Hi

Is there any one?

Right now the dynamic-vpn configuration allows for only 1 access profile. Will update the PR details shaortly.

PR 680047 - Confidential - CSS 11.1/Narfi-HA: Dynamic VPN with Multiple Xauth Profile is not supported.

Thanks for the reply