Advanced Juniper Networks IPSec VPN Implementations

Course ID    :   EDU-JUN-AJVI

Length    :   Two days

About this Course Overview

This two-day, advanced-level course focuses on the wide range of options available when configuring virtual private networks (VPNs) using Juniper Networks firewall/VPN products. Students attending the course will learn these various deployments through detailed lectures and hands-on lab exercises. The course is based on ScreenOS version 6.2.


After successfully completing this course, you should be able to:

  • Configure LAN-to-LAN IP Security (IPsec) VPNs in various configurations.
  • Configure VPN redundancy.
  • Configure dynamic routing using IPsec VPNs.
  • Configure remote access IPsec connectivity including group Internet Key Exchange (IKE) and shared IKE.
  • Configure generic routing encapsulation (GRE) tunnels.

Intended Audience

This course is intended for network engineers, network support personnel, and reseller support.

Course Level

AJVI is an advanced-level course.


Prerequisites for this course include the following:

  • Completion of the Configuring Juniper Networks Firewall/IPsec VPN Products (CJFV) course or equivalent experience with ScreenOS software; and
  • General networking knowledge including an understanding of Ethernet, TCP/IP, and routing concepts.

Course Contents

Day One

Chapter 1  :  Course Introduction

Chapter 2  :  ScreenOS VPN Basics Review

  • VPN Review
  • Verifying Operations
  • VPN Monitor
  • Lab 1: VPN Review

Chapter 3: VPN Variations

  • Dynamic Peers
  • Transparent Mode
  • Overlapping Addresses
  • Lab 2: VPN Variations

Chapter 4: Hub-and-Spoke VPNs

  • Concepts
  • Policy-Based Hub-and-Spoke
  • Route-Based Hub-and-Spoke VPNs with No Policy and NHTB
  • Route-Based Hub-and-Spoke VPNs with Policy
  • Centralized Control Hub-and-Spoke VPNs
  • ACVPNs
  • Lab 3: Hub-and-Spoke VPNs

Chapter 5: Routing over VPNs

  • Routing Overview
  • Configuring RIP
  • Configuring OSPF
  • Case Studies
  • Lab 4: Dynamic Routing

Day Two - Chapter 6: Using Certificates

  • Concepts and Terminology
  • Configuring Certificates and Certificate Support
  • Configuring VPNs with Certificates
  • Lab 5: Using Certificates

Chapter 7: Redundant VPN Gateways (Optional)

  • Redundant VPN Gateways
  • Other Options

Chapter 8: Generic Routing Encapsulation (Optional)

  • Configuring GRE

Chapter 9: Dial-Up IPsec VPNs (Optional)

  • Basic Dial-up Configuration
  • Group IKE ID
  • XAUTH and Shared IKE ID

Appendix A: NetScreen-Remote Software (Optional)

  • NS-Remote Overview
  • Basic Dial-Up
  • XAUTH and Shared IKE ID
  • Lab 6: Dial-Up VPNs (Optiona