Manual Key VPN Tunnel Advanced Configuration

You can specify additional optional settings and parameters when configuring a Manual Key VPN tunnel.

To Configure Manual Key VPN Tunnel Advanced Options

  1. Bind to: Select one of the following check boxes to bind the VPN tunnel to a tunnel interface or a tunnel zone, or to leave the tunnel unbound. If you bind the tunnel to a tunnel interface or tunnel zone, also select the interface or zone from the corresponding drop-down list:

     None: Select this option to use the outgoing interface as the interface to and from the VPN tunnel. (Selecting this option has the same effect as binding the VPN tunnel to the Untrust-Tun tunnel zone.)

     Tunnel Interface: Select this option to bind the VPN tunnel to the tunnel interface that you select from the drop-down list. This option creates a one-to-one relationship between the tunnel and the tunnel interface.

     Note: You can bind a VPN tunnel only to a tunnel interface in a security zone, not to a tunnel interface in a tunnel zone.

     Tunnel Zone: Select this option to bind the VPN tunnel to a tunnel zone. You can then use multiple tunnel interfaces bound to the same tunnel zone with this VPN tunnel. This option allows a one-to-many relationship between the VPN tunnel and tunnel interfaces. (When both the interface and tunnels are bound to the same tunnel zone, you can also link a single tunnel interface to multiple VPN tunnels.)

  2. VPN Monitor: Select this check box to enable VPN monitoring. The NetScreen device activates its SNMP VPN monitoring objects, which note data on such aspects of the VPN tunnel as the number of active VPN sessions, the time a session began, the SA elements for each session, and session status parameters.

     Note: You must first import the NetScreen-specific MIB extension files into your SNMP manager application. The MIB extension files are available at http://www.juniper.net/support.

     Source Interface: Select the interface to be used as the source interface for VPN monitor packets. For VPN monitoring through NetScreen Remote, the source interface for VPN monitor packets must be bound to the Trust zone of the network being monitored.

     Destination IP: Type the destination IP address for the VPN monitoring feature to ping.

     Optimized: Select this check box if you want the NetScreen device to accept incoming traffic through the VPN tunnel as a substitute for ICMP echo replies. If there is both incoming and outgoing traffic through the VPN tunnel, the device suppresses VPN monitoring pings.

     Note: If you enable VPN monitoring optimization, be aware that VPN monitoring can no longer provide accurate SNMP statistics. Also, if you are using VPN monitoring to track the availability of a particular destination IP address at the remote end of a tunnel, optimization can produce misleading results.

  3. Click Return to return to the Manual Key VPN Tunnel configuration.
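
The Optimized option and its Note under VPN Monitor, modeled as an added example (not Juniper's code and not part of the original page): a simplified simulation of how accepting tunnel traffic in place of ICMP echo replies suppresses pings and keeps the tunnel reported as up after the Destination IP stops answering. The `Interval` record, the `threshold` of consecutive misses, and the trace are assumptions constructed for illustration.

```python
"""Simplified model of the VPN Monitor 'Optimized' option (added example)."""
from dataclasses import dataclass


@dataclass
class Interval:
    """One monitoring interval as seen by the local device (constructed input)."""
    incoming: bool      # traffic arrived through the VPN tunnel
    outgoing: bool      # traffic was sent through the VPN tunnel
    dest_replies: bool  # the Destination IP would answer an ICMP echo request


def run_monitor(intervals, optimized, threshold=3):
    """Return (status_per_interval, pings_sent).

    threshold is an assumed number of consecutive unanswered intervals
    before the tunnel is reported down; the page does not state one.
    """
    misses, pings, statuses = 0, 0, []
    for iv in intervals:
        if optimized and iv.incoming and iv.outgoing:
            alive = True  # ping suppressed: two-way traffic counts as proof
        else:
            pings += 1    # an ICMP echo request is sent this interval
            # Optimized mode also accepts incoming traffic instead of a reply.
            alive = iv.dest_replies or (optimized and iv.incoming)
        misses = 0 if alive else misses + 1
        statuses.append("down" if misses >= threshold else "up")
    return statuses, pings


# Constructed trace: the monitored host stops answering after interval 2,
# while other hosts behind the remote gateway keep exchanging traffic.
TRACE = [Interval(True, True, True)] * 2 + [Interval(True, True, False)] * 4


def compare(trace=TRACE):
    """Run the same trace with and without optimization."""
    return {
        "plain": run_monitor(trace, optimized=False),
        "optimized": run_monitor(trace, optimized=True),
    }


if __name__ == "__main__":
    for mode, (statuses, pings) in compare().items():
        print(f"{mode:9} pings={pings} status={statuses}")
```

In this model the plain monitor reports the loss of the destination once the assumed threshold is reached, while the optimized monitor sends no pings at all and never reports it.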