junxion box user guide 31
enterprise data. For a successful configuration, all settings for the VPN tunnel must be
identical between the Junxion VPN and the enterprise VPN server.
Server IP. This is the IP address of your enterprise VPN server.
Server Subnet. The default configuration is 0.0.0.0/0, which will direct all traffic over
the VPN. The Junxion Box also supports split tunnels with one encrypted tunnel and
one open tunnel. A sample server subnet for a split tunnel would be 172.16.1.0/24.
Split tunnel VPNs should be set up with care, as a split tunnel configuration with both
an enterprise VPN and access to the public Internet can inadvertently expose company
resources.
My Identity and Peer Identity. Required in some configurations to identify the client
or peer side of a VPN connection. If these fields are left blank, My Identity will default
to the WAN IP address assigned by the carrier and Peer Identity will default to the VPN
Server IP. For a fully qualified domain name (FQDN), these values should be preceded
by an ‘@’ character (@www.domain.com). For user-FQDN, these values should include a
username (user@domain.com).
NTP Server. The Network Time Protocol Server ensures the clock on the Junxion VPN
is synchronized to standard time. The default NTP server is pool.ntp.org. You can specify any
preferred NTP server.
Phase 1 DH Group. Determines how the Junxion VPN creates an SA with the VPN
server. The DH (Diffie-Hellman) key exchange protocol establishes pre-shared keys
during the phase 1 authentication. Junxion supports three prime key lengths,
including Group 1 (768 bits), Group 2 (1,024 bits), and Group 5 (1,536 bits).
Figure: Services Page (continued)
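The settings above can be checked before deployment with a short script. The following is an added example, not part of the Junxion guide or firmware: it applies the identity rules, classifies the Server Subnet as full or split tunnel, and compares the two ends of the tunnel. The dictionary keys, the sample addresses and the treatment of a blank server-side peer identity as the client's WAN IP are assumptions made for illustration.

```python
import ipaddress

SUPPORTED_DH = {1: 768, 2: 1024, 5: 1536}   # Phase 1 groups listed in the guide

def effective_identity(value, default_ip):
    """Apply the guide's identity rules; returns (kind, value)."""
    value = (value or "").strip()
    if not value:
        return ("ip", default_ip)             # blank field falls back to an IP
    if value.startswith("@"):
        return ("fqdn", value[1:])            # @www.domain.com
    if "@" in value:
        return ("user-fqdn", value)           # user@domain.com
    return ("ip", str(ipaddress.ip_address(value)))  # ValueError if malformed

def tunnel_mode(server_subnet):
    """0.0.0.0/0 sends everything over the VPN; anything narrower is a split tunnel."""
    net = ipaddress.ip_network(server_subnet)
    return "full" if net.prefixlen == 0 else "split"

def goes_over_vpn(dest_ip, server_subnet):
    return ipaddress.ip_address(dest_ip) in ipaddress.ip_network(server_subnet)

def audit(client, server, wan_ip):
    """Compare both ends; dict keys are constructed names, not Junxion field IDs."""
    findings = []
    for key in ("server_subnet", "dh_group"):
        if client[key] != server[key]:
            findings.append(f"mismatch: {key} {client[key]!r} != {server[key]!r}")
    if client["dh_group"] not in SUPPORTED_DH:
        findings.append(f"unsupported DH group {client['dh_group']}")
    # Assumption: a blank peer identity on the server means "the client's WAN IP".
    mine = effective_identity(client.get("my_identity"), wan_ip)
    expected = effective_identity(server.get("peer_identity"), wan_ip)
    if mine != expected:
        findings.append(f"identity: client presents {mine}, server expects {expected}")
    if tunnel_mode(client["server_subnet"]) == "split":
        findings.append("split tunnel: traffic outside the server subnet bypasses the VPN")
    return findings

# Constructed sample values (documentation address ranges, made-up host names).
CLIENT = {"server_subnet": "172.16.1.0/24", "dh_group": 2,
          "my_identity": "@box1.example.com"}
SERVER = {"server_subnet": "172.16.1.0/24", "dh_group": 5,
          "peer_identity": "box1@example.com"}

if __name__ == "__main__":
    for line in audit(CLIENT, SERVER, wan_ip="198.51.100.7"):
        print(line)
```

With the constructed values, the audit reports the DH group mismatch, the FQDN versus user-FQDN identity mismatch, and the split tunnel.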