AJVI – Advanced Juniper Networks IPSec VPN Implementations

Duration:   2 Days
Price:   $2195.00
Test Level:    0
Certifications:   JNCIS-FWV
Exams:   JNO-532

 
Course Overview
The two-day intermediate-level AJVI course focuses on the wide range of options and the configuration options for various VPN designs and options available when configuring VPNs using a Juniper ScreenOS-based Firewall/VPN devices. Upon completion of the course, students will understand when and how to configure the following VPN Scenarios.

Students attending the course will learn these various deployments through detailed lectures and hands-on lab exercises.

Course Objective

  • VPN Concepts
  • IPSec VPN operations
  • Basic VPN Configuration
  • Hub and Spoke VPNs Theory and Configuration
  • ScreenOS-specific features (NHTB)
  • Using Certificates
  • PKI Theory
  • Certificate implementation
  • SCEP and OCSP
  • Dynamic Peer VPN Implementation
  • Transparent Mode VPN Implementation
  • VPNs with Overlapping Addresses
  • VPN Redundancy
  • Dial-Up VPN Options
  • Group IKE ID
  • XAUTH
  • Shared IKE ID

Target Audience
Network engineers, technical support personnel, reseller support engineers, and others responsible for implementing and or maintaining the Juniper Networks products covered in this course.

Course Outline
Day 1

Chapter 1: Course Introduction

Chapter 2: ScreenOS VPN Basics Review

  • VPN Review
  • Verifying Operations
  • VPN Monitor

Chapter 3: VPN Variations

  • Dynamic Peers
  • Transparent Mode
  • Overlapping Addresses

Chapter 4: Hub-and-Spoke VPNs

  • Concepts
  • Policy-Based Hub-and-Spoke
  • Route-Based Hub-and-Spoke VPNs with No Policy and NHTB
  • Route-Based Hub-and-Spoke VPNs with Policy
  • Centralized Control Hub-and-Spoke VPNs
  • ACVPNs

Chapter 5: Routing over VPNs

  • Routing Overview
  • Configuring RIP
  • Configuring OSPF
  • Case Studies

Day 2

Chapter 6: Using Certificates

  • Concepts and Terminology
  • Configuring Certificates and Certificate Support
  • Configuring VPNs with Certificates

Chapter 7: Redundant VPN Gateways (Optional)

  • Redundant VPN Gateways
  • Other Options

Chapter 8: Generic Routing Encapsulation (Optional)

  • Configuring GRE

Chapter 9: Dial-Up IPsec VPNs (Optional)

  • Basic Dial-up Configuration
  • Group IKE ID
  • XAUTH and Shared IKE ID

Appendix A: NetScreen-Remote Software (Optional)

  • NS-Remote Overview
  • Basic Dial-Up
  • XAUTH and Shared IKE ID

This course is available as open-enrollment Classroom event, instructor-led Live Virtual Class, REAL-ILT™ or as part of a custom Onsite Training for up to 16 students.

Prerequisites
This course assumes that students have successfully completed the INSG 5.0 course or have equivalent experience with ScreenOS. Specifically, students need to be familiar with configuration of:

  • Ethernet
  • Transparent Bridging
  • TCP/IP Operations
  • IP Addressing
  • Routing
  • Basic IPSec VPN deployments