Juniper SA2500 behind a Netscreen 204

  • Currently, I have an NS-204 configured to handle about 25 VPN users and MIP’ed to an internal web server. RADIUS authentication is provided by a Win 2003 server.

    I want to migrate to SSL VPN and believe a Juniper SA2500 would be a good choice, placing it behind the NS-204.  I would prefer to migrate a few users at a time off the NS-204 and onto the SA2500.

    My question is, does anyone see a problem doing this?  I’ve read the configurations in and would welcome any configuration suggestions.  Many thanks….

  • That is a good standard setup. We use a 1 arm in DMZ setup.

    The Juniper IVE SSLVPN uses HTTP (80/tcp), HTTPS (443/tcp) and also IPSec (4500/udp, but this can be changed) to receive traffic from the outside world, so you’ll have to configure your 204 so it can handle both VPNs’ traffic at the same time.

    The IVE supports both RADIUS and built-in Windows AD authentication.

    It is well worth getting hold of the training for the SSLVPN, especially the first standard course (the advanced course is good, but it is more large-enterprise focused).
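
Added example, not part of either post above: one way the NS-204 could publish an SA2500 in a one-arm DMZ on the three ports the reply lists while the existing VPN keeps running on the firewall itself. Every address, the interface-to-zone bindings, the custom service names and the RADIUS port are assumptions; lines starting with `#` are annotations and are not ScreenOS syntax.

```screenos
# Annotation lines (#) are not ScreenOS syntax; remove them before pasting.
# Constructed values (assumptions, not from the thread):
#   203.0.113.10   spare public IP used only for the SA2500
#   192.168.50.10  SA2500 external port in the DMZ (one-arm setup)
#   10.0.0.5       Win 2003 RADIUS server in the Trust zone
#   ethernet3 = Untrust, ethernet2 = DMZ, ethernet1 = Trust

# Give the SA2500 its own MIP so its traffic stays separate from traffic
# addressed to the NS-204's own interface, where the existing VPN users terminate.
set interface ethernet3 mip 203.0.113.10 host 192.168.50.10 netmask 255.255.255.255 vrouter "trust-vr"

# Address book entries for the back-end rule.
set address "DMZ" "ive-sa2500" 192.168.50.10 255.255.255.255
set address "Trust" "radius-srv" 10.0.0.5 255.255.255.255

# Custom services (names are hypothetical). 4500/udp is the port quoted in
# the reply; 1812/udp is an assumed RADIUS authentication port.
set service "IVE-UDP-4500" protocol udp src-port 0-65535 dst-port 4500-4500
set service "RADIUS-1812" protocol udp src-port 0-65535 dst-port 1812-1812

# Inbound: only the three listed ports reach the SA2500, each rule logged.
set policy from "Untrust" to "DMZ" "Any" "MIP(203.0.113.10)" "HTTP" permit log
set policy from "Untrust" to "DMZ" "Any" "MIP(203.0.113.10)" "HTTPS" permit log
set policy from "Untrust" to "DMZ" "Any" "MIP(203.0.113.10)" "IVE-UDP-4500" permit log

# Back end: the SA2500 may reach the RADIUS server on the auth port only.
# Access for migrated users to internal resources needs its own narrow
# DMZ-to-Trust rules, added per resource rather than as a blanket permit.
set policy from "DMZ" to "Trust" "ive-sa2500" "radius-srv" "RADIUS-1812" permit log
```

With this layout, migrating a user means moving them from the NS-204 VPN to an SA2500 role; the firewall rules above do not change per user.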