You need to provide VPN connectivity between multiple roaming users and the headquarters location.
Use NetScreen-Remote software to establish a secure tunnel to the hub location for a group of remote users with local Xauth authentication. Because multiple users will need to access this VPN, a shared IKE ID with a preshared key approach will be used.
First, define your protected resources (address objects):
set address trust mail1 10.140.10.10/32
Now, set the IKE ID, users, and group configuration:
set user lab_users ike-id firstname.lastname@example.org share-limit 250Corp-VPN-Hub->
set user-group dallab_users user lab_usersCorp-VPN-Hub->
set user dude password letmeinCorp-VPN-Hub->
set user dude type xauthCorp-VPN-Hub->
set user mike password 12345678Corp-VPN-Hub->
set user mike type xauth
Set the VPN Phase-1 and Phase-2 configurations:
set ike gateway lab_gateway dialup dallab_users aggressive outgoing-interface eth0/3 preshare juniper123 sec-level standard Shared IKE ID dial-up group configured. Please note XAUTH server must be turned on as well.Corp-VPN-Hub->
set ike gateway lab_gateway xauthCorp-VPN-Hub->
set vpn lab_vpn gateway lab_gateway sec-level standard
Create a new connection using the NetScreen-Remote setup (named "Corp" in this example), as shown in Figure 10-3.
Figure 10-3. Using ...