Juniper Config Guide AGGRESSIVE PSK

Download as pdf or txt
Download as pdf or txt
You are on page 1of 64

Configuration Guide

NCP Remote Access VPN Client for Juniper SRX

IKEv1 AGGRESSIVE Pre-shared key


You can use the NCP Secure Enterprise Management Server as a RADIUS server to authenticate users.

IKEv1 AGGRESSIVE Mode and Pre-shared key

This configuration example uses the NCP Secure Enterprise Management Server as a RADIUS server to
authenticate users

CLI Quick Configuration


set security policies default-policy permit-all
set interfaces st0 unit 0 family inet address 172.16.10.200/24
set security zones security-zone internet interfaces st0.0 host-inbound-traffic system-services all
set security zones security-zone internet interfaces st0.0 host-inbound-traffic protocols all
set security ike proposal IKE_PROP authentication-method pre-shared-keys
set security ike proposal IKE_PROP dh-group group19
set security ike proposal IKE_PROP authentication-algorithm sha-256
set security ike proposal IKE_PROP encryption-algorithm aes-256-cbc
set security ike proposal IKE_PROP lifetime-seconds 10000
set security ike policy IKE_POL mode aggressive
set security ike policy IKE_POL proposals IKE_PROP
set security ike policy IKE_POL pre-shared-key ascii-text "12345678"
set security ike gateway RAVPN_GW ike-policy IKE_POL
set security ike gateway RAVPN_GW dynamic hostname ncp.juniper.net
set security ike gateway RAVPN_GW dynamic user-at-hostname [email protected]
set security ike gateway RAVPN_GW dynamic connections-limit 100
set security ike gateway RAVPN_GW dynamic ike-user-type shared-ike-id
set security ike gateway RAVPN_GW external-interface ge-0/0/0
set security ike gateway RAVPN_GW aaa access-profile radius
set security ike gateway RAVPN_GW version v1-only
set security ipsec proposal IPSEC_PROP protocol esp
set security ipsec proposal IPSEC_PROP encryption-algorithm aes-256-gcm

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 1 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

set security ipsec proposal IPSEC_PROP lifetime-seconds 3600


set security ipsec policy IPSEC_POL perfect-forward-secrecy keys group19
set security ipsec policy IPSEC_POL proposals IPSEC_PROP
set security ipsec vpn RAVPN_VPN bind-interface st0.0
set security ipsec vpn RAVPN_VPN ike gateway RAVPN_GW
set security ipsec vpn RAVPN_VPN ike ipsec-policy IPSEC_POL
set security ipsec vpn RAVPN_VPN traffic-selector TS1 local-ip 0.0.0.0/0
set security ipsec vpn RAVPN_VPN traffic-selector TS1 remote-ip 0.0.0.0/0
set access profile radius authentication-order radius
set access profile radius radius-server 10.20.46.235 port 1812
set access profile radius address-assignment pool NCP_POOL
set access profile radius radius-server 10.20.46.235 secret "12345678"
set access address-assignment pool NCP_POOL family inet network 172.16.10.0/24
set access address-assignment pool NCP_POOL family inet xauth-attributes primary-dns 172.16.10.10/32
set access address-assignment pool NCP_POOL family inet xauth-attributes primary-wins 172.16.10.20/32
set security ike gateway RAVPN_GW tcp-encap-profile NCP
set security tcp-encap profile NCP
commit

Step-by-step Procedure

1) Define tunnel interface and policies


set security policies default-policy permit-all
set interfaces st0 unit 0 family inet address 172.16.10.200/24
set security zones security-zone internet interfaces st0.0 host-inbound-traffic system-services all
set security zones security-zone internet interfaces st0.0 host-inbound-traffic protocols all

2) Create IKE proposals (policies)


set security ike proposal IKE_PROP authentication-method pre-shared-keys
set security ike proposal IKE_PROP dh-group group19
set security ike proposal IKE_PROP authentication-algorithm sha-256
set security ike proposal IKE_PROP encryption-algorithm aes-256-cbc
set security ike proposal IKE_PROP lifetime-seconds 10000

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 2 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

set security ike policy IKE_POL mode aggressive


set security ike policy IKE_POL proposals IKE_PROP
set security ike policy IKE_POL pre-shared-key ascii-text “12345678"

3) Create IKE gateway


set security ike gateway RAVPN_GW ike-policy IKE_POL
set security ike gateway RAVPN_GW dynamic hostname ncp.juniper.net
set security ike gateway RAVPN_GW dynamic connections-limit 100
set security ike gateway RAVPN_GW dynamic ike-user-type shared-ike-id
set security ike gateway RAVPN_GW dynamic user-at-hostname [email protected]
set security ike gateway RAVPN_GW external-interface ge-0/0/0
set security ike gateway RAVPN_GW aaa access-profile radius
set security ike gateway RAVPN_GW version v1-only

4) Create IPsec proposals (policies)


set security ipsec proposal IPSEC_PROP protocol esp
set security ipsec proposal IPSEC_PROP encryption-algorithm aes-256-gcm
set security ipsec proposal IPSEC_PROP lifetime-seconds 3600
set security ipsec policy IPSEC_POL perfect-forward-secrecy keys group19
set security ipsec policy IPSEC_POL proposals IPSEC_PROP

5) Define VPN interface and routing information


set security ipsec vpn RAVPN_VPN bind-interface st0.0
set security ipsec vpn RAVPN_VPN ike gateway RAVPN_GW
set security ipsec vpn RAVPN_VPN ike ipsec-policy IPSEC_POL
set security ipsec vpn RAVPN_VPN traffic-selector TS1 local-ip 0.0.0.0/0
set security ipsec vpn RAVPN_VPN traffic-selector TS1 remote-ip 0.0.0.0/0

6) Create access profile for RADIUS server


set access profile radius authentication-order radius
set access profile radius radius-server 10.20.46.234 port 1812
set access profile radius address-assignment pool NCP_POOL
set access profile radius radius-server 10.20.46.234 secret "12345678"

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 3 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

7) Create IP address pool for Remote Access Users


set access address-assignment pool NCP_POOL family inet network 172.16.10.0/24
set access address-assignment pool NCP_POOL family inet xauth-attributes primary-dns 172.16.10.10/32
set access address-assignment pool NCP_POOL family inet xauth-attributes primary-wins 172.16.10.20/32

8) Enable NCP Path Finder Technology (TCP encapsulation)


set security ike gateway RAVPN_GW tcp-encap-profile NCP
set security tcp-encap profile NCP

8) Commit changes
commit

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 4 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Configure NCP Exclusive Remote Access Client for Windows


Create new Connection Profile (Configuration – Profiles)

Click on “Add” to create a new Connection Profile

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 5 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 6 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 7 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 8 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 9 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 10 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 11 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 12 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Edit the Profile

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 13 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Change the protocol and enter the pre-shared key

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 14 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Establish the VPN connection

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 15 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 16 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Configure NCP Exclusive Remote Access Client for macOS


Create new Connection Profile (NCP Exclusive Remote Access Client – Profiles…)

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 17 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Click on “+” to create a new Connection Profile

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 18 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 19 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 20 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 21 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 22 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 23 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Edit the Profile

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 24 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Change the protocol and enter the pre-shared key

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 25 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Establish the VPN connection

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 26 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 27 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Configure NCP Exclusive Remote Access Client for Android


Create new Connection Profile (Menue – Configure – Profile configuration – Add Profile)

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 28 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 29 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 30 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 31 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 32 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Enter name for connection profile

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 33 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Enter name or IP address of Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 34 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Enable Extended Authenctication (XAUTH) and enter username and password

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 35 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 36 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 37 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Enter the pre-shared key

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 38 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Enter IKE-ID

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 39 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Choose the Exchange mode (Aggressive Mode (IKEv1))

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 40 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Save the profile by clicking on “Save” or the back button on the device

The configuration can also be imported via the app

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 41 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Copy the configuration ncpphone.cfg or ncpphone.cnf into the folder Device storage/NCP/Import

Open the menu and choose “Import/Export”

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 42 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Enable ncpphone.cfg and press the back/return button on your device

The configuration will be imported

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 43 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Click on the slide button to establish a connection

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 44 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

If the establish the connection the first time, Android will ask you to allow the VPN client to establish a
connection. Click on “OK”

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 45 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

VPN connection is established

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 46 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Configure NCP Exclusive Remote Access Client for iOS


The configuration of the iOS client is done on the NCP Secure Enterprise Management Server.
After you create a configuration on the NCP Secure Enterprise Management Server, you are able to export
the configuration file ncpphone.ncpconfigsem. The file ending needs to be .ncpconfigsem

There are 2 ways to import the profile


1) Import by sending it over email or downloading it from a webserver
This sample will show the import if the file is sent via email

Send the .ncpconfigsem file via email to your iOS device

Open the email with the attachment

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 47 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Click on the .ncpconfigsem file and choose “Copy to NCP Client”

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 48 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 49 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Click “Import” to start the import process

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 50 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Allow to add a new VPN configuration by clicking on “Allow”

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 51 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Enter you iPhone/iPad passcode to import the configuration

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 52 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

The import of the configuration was successful

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 53 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

2) Import over iTunes


Connect the iOS devise with your computer

Open iTunes on your computer

Click on the device button

Go to File Sharing and click on NCP Client

Add the configuration via “Add File…” and click “Sync” to synchronize the information with the iOS device

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 54 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 55 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Open the App on the iOS device

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 56 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Go to “Diagnostics” and “Configuration Import”

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 57 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Click on the .ncpconfigsem file to start the import process

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 58 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Click on “Import”

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 59 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Click “Allow” to add another VPN configuration

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 60 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Enter your iPhone/iPad passcode to import the configuration

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 61 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

The import of the configuration was successful

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 62 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Click the slide button to establish the VPN connection

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 63 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299
Configuration Guide
NCP Remote Access VPN Client for Juniper SRX

Americas: NCP engineering, Inc. 678 Georgia Ave. · Sunnyvale, CA 94085 · Phone: +1 (650) 316-6273 · www.ncp-e.com Page 64 / 64
Others: NCP engineering GmbH · Dombuehler Str. 2 · 90449 Nuremberg · Germany · Fon +49 911 9968-0 · Fax +49 911 9968-299

You might also like