Hi,
Thank you for your help, I can understand everything apart from this:
1. Configure the security policy:
set security policies from-zone internet to-zone lan policy dyn-vpn-policy match source-address any
set security policies from-zone internet to-zone lan policy dyn-vpn-policy match destination-address any
set security policies from-zone internet to-zone lan policy dyn-vpn-policy match application any
set security policies from-zone internet to-zone lan policy dyn-vpn-policy then permit tunnel ipsec-vpn dyn-vpn
2. Configure the IKE gateway:
set security ike gateway dyn-vpn-local-gw ike-policy ike-dyn-vpn-policy
set security ike gateway dyn-vpn-local-gw dynamic hostname dynvpn
set security ike gateway dyn-vpn-local-gw dynamic connections-limit 10
set security ike gateway dyn-vpn-local-gw dynamic ike-user-type group-ike-id
set security ike gateway dyn-vpn-local-gw external-interface ge-0/0/0.0
set security ike gateway dyn-vpn-local-gw xauth access-profile dyn-vpn-access-profile
So:
1. Configure the security policy - I have to set up policies from the untrusted zone (internet) to the trusted zone (which is my LAN)? So I have specified the LAN to ge-0/0/1.0 so it should apply the rules to my management LAN?
2. Configure the IKE gateway - Here I have to configure the IKE gateway, but can I do it on the existing interface? Last time commit check failed because I assigned dyn-vpn-local-gw to the existing interface - so should I do
set security ike gateway dyn-vpn-local-gw ike-policy ike-dyn-vpn-policy
set security ike gateway dyn-vpn-local-gw dynamic hostname dynvpn
set security ike gateway dyn-vpn-local-gw dynamic connections-limit 10
set security ike gateway dyn-vpn-local-gw dynamic ike-user-type group-ike-id
set security ike gateway dyn-vpn-local-gw xauth access-profile dyn-vpn-access-profile
without
set security ike gateway dyn-vpn-local-gw external-interface ge-0/0/0.0
Could you possibly explain it to me please?