You can define users either for authentication or for VPN access. You can group VPN users to reduce the number of policies required to support dial-up users.
Enter the user's name in the User Name field (the name must be unique).
Click Enable to activate the new user.
Select IKE User, and then select either Simple Identity or Use Distinguished Name For ID.
Number of Multiple Logins with Same ID: Indicates the number of users that can establish tunnels concurrently using this identity. If the VPN gateway uses preshared keys, the share limit is 1 so only a single user can log in at a time with that identity.
Select Simple Identity to display additional IKE information.
IKE ID Type: From the drop-down menu, select the existing IKE type the new user will employ. The default is “auto.”
IKE Identity: This is how the remote NetScreen device, in conjunction with the dynamically assigned untrusted IP address, identifies itself to the user.
If the remote peer is using a preshared key to verify its identity, enter the same ID string as the string that the remote peer entered on its system in the Local Identity field in the New Remote Gateway dialog box.
If the remote peer is using a certificate to verify its identity, enter the host name plus domain name of the remote peer (for example, ns500.juniper.net).
Use Distinguished Name For ID: Select this feature to make this user definition available to multiple hosts. Each host must have the specified field or fields (one or any number of them) in its distinguished name.
Selecting this feature displays the distinguished name fields for the certificate. You must enter information in one or more fields to specify them.
Note: You cannot use the Use Distinguished Name For ID feature with a preshared key.
Select a type of user: Authentication User, XAuth User, or L2TP User.
Enter a user password and then confirm the password.
If you selected L2TP or XAuth User, specify L2TP or XAuth remote settings:
IP Pool: Select an IP pool name from the drop-down menu.
Static IP: Enter the IP address of the remote gateway.
Primary/Secondary DNS IP: The names or IP addresses of the Domain Name Service (DNS) servers. (Dynamic Host Configuration Protocol (DHCP) allows up to two DNS servers.)
Primary/Secondary WINS IP: The names or IP addresses of the Windows Internet Naming Service (WINS) servers of the Microsoft Network.
Click OK to save your changes.
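The Use Distinguished Name For ID option described above lets one user definition match many hosts, so the fields you fill in decide how wide that match is. The Python sketch below is an added example, not ScreenOS code; the matching rule (every filled-in field must equal the same field in the certificate subject, compared case-insensitively), the function names and the sample subjects are assumptions made for illustration.

```python
# Added illustration, not ScreenOS code. Assumed rule: every field filled in
# on the user definition must equal the same field in the certificate
# subject (case-insensitive); fields left blank are ignored.
import re

def parse_dn(dn):
    """Split a DN string into {ATTR: [values]}, honouring backslash-escaped commas."""
    fields = {}
    for rdn in re.split(r'(?<!\\)[,+]', dn):
        if not rdn.strip():
            continue
        attr, sep, value = rdn.partition('=')
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        value = re.sub(r'\\(.)', r'\1', value.strip())  # drop escape backslashes
        fields.setdefault(attr.strip().upper(), []).append(value.casefold())
    return fields

def dn_matches(user_fields, cert_subject):
    """True if every non-empty field of the user definition is in the subject."""
    subject = parse_dn(cert_subject)
    wanted = {k.upper(): v.casefold() for k, v in user_fields.items() if v}
    if not wanted:
        raise ValueError("at least one DN field must be specified")
    return all(v in subject.get(k, []) for k, v in wanted.items())

def matching_hosts(user_fields, subjects):
    """Return the certificate subjects that one user definition would accept."""
    return [s for s in subjects if dn_matches(user_fields, s)]

# Constructed sample certificate subjects (not from the page).
SUBJECTS = [
    "CN=laptop-01,OU=Sales,O=Example Corp,C=US",
    "CN=laptop-02,OU=Sales,O=Example Corp,C=US",
    "CN=build-01,OU=Engineering,O=Example Corp,C=US",
    "CN=laptop-03,OU=Sales,O=Other\\, Inc,C=US",
]

if __name__ == "__main__":
    # Two fields: only the Sales hosts of one organization match.
    print(matching_hosts({"OU": "Sales", "O": "Example Corp"}, SUBJECTS))
    # One broad field: every certificate issued with C=US matches.
    print(matching_hosts({"C": "US"}, SUBJECTS))
```

Running a planned set of DN fields against the subjects your CA actually issues shows, before the user is enabled, whether the definition admits more hosts than intended.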