Local User Configuration

You can either define users for Authentication or for VPN access. You can group VPN users to reduce the number of policies required to support dial-up users.

To Create a Local User

  1. Enter the user's name in the User Name field (the name must be unique).

  2. Click Enable to activate the new user.

  3. Select IKE User. You then need to select either Simple Identity or Use Distinguished Name for ID.

IKE ID Type: From the drop-down menu, select the existing IKE type the new user will employ. The default is “auto.”

IKE Identity: This is how the remote NetScreen device, in conjunction with the dynamically assigned untrusted IP address, identifies itself to the user.

Selecting Use Distinguished Name for ID displays the distinguished name fields for the certificate. You must enter information in one or more of these fields.

Note: You cannot use the Use Distinguished Name for ID feature while using a preshared key.

  4. Select a type of user: Authentication User, XAuth User, or L2TP User.

Authentication User – A network user who must provide a user name and password for authentication when initiating a connection across the firewall.

XAuth User – An XAuth user is a remote auth user who connects to the NetScreen device via an AutoKey IKE VPN tunnel. Whereas the authentication of IKE users is actually the authentication of individuals’ devices, the authentication of XAuth users is the authentication of the individuals themselves.

L2TP User – A remote user whose IP address a NetScreen device assigns from a pool of addresses via Point-to-Point Protocol (PPP). The NetScreen device communicates with the remote user through PPP frames encapsulated in L2TP frames.

  5. Enter a user password and then confirm the password.

  6. If you selected L2TP or XAuth User, specify L2TP or XAuth remote settings:

IP Pool: Select an IP pool name from the drop-down menu.

Static IP: Enter the IP address of the remote gateway.

Primary/Secondary DNS IP: The name or IP addresses of the Domain Name Service (DNS) servers. (Dynamic Host Configuration Protocol (DHCP) allows up to two DNS servers.)

Primary/Secondary WINS IP: The name or IP addresses of the Windows Internet Naming Service (WINS) server of the Microsoft Network.

  7. Click OK to save your changes.