Local User Configuration

You can define users either for authentication or for VPN access. You can group VPN users to reduce the number of policies required to support dial-up users.

To Create a Local User

  1. Enter the user's name in the User Name field (the name must be unique).

  2. Click Enable to activate the new user.

  3. Select IKE User. You then need to select either Simple Identity or Use Distinguished Name for ID.

IKE ID Type: From the drop-down menu, select the existing IKE type the new user will employ. The default is “auto.”

IKE Identity: This is how the remote NetScreen device, in conjunction with the dynamically assigned untrusted IP address, identifies itself to the user.

If the remote peer is using a preshared key to verify its identity, enter the same ID string as the string that the remote peer entered on its system in the Local Identity field in the New Remote Gateway dialog box.

If the remote peer is using a certificate to verify its identity, enter the host name plus domain name of the remote peer (for example, ns500.juniper.net).

Selecting Use Distinguished Name for ID displays the distinguished name fields for the certificate. You must enter information in one or more of these fields.

Note: You cannot use the Use Distinguished Name for ID feature while using a preshared key.

  4. Select a type of user: Authentication User, XAuth User, or L2TP User.

  5. Enter a user password and then confirm the password.

  6. If you selected L2TP or XAuth User, specify L2TP or XAuth remote settings:

IP Pool: Select an IP pool name from the drop-down menu.

Static IP: Enter the IP address of the remote gateway.

Primary/Secondary DNS IP: The name or IP addresses of the Domain Name Service (DNS) servers. (Dynamic Host Configuration Protocol (DHCP) allows up to two DNS servers.)

Primary/Secondary WINS IP: The name or IP addresses of the Windows Internet Naming Service (WINS) server of the Microsoft Network.

  7. Click OK to save your changes.