Patton electronic 2800 user manual Cisco router configuration

Page 77

OnSite 2800 Series User Manual

6 • VPN configuration

Rest of the configuration, see above, just change the name of the IPsec policy profile in the ACL profile ‘VPN_Out’

Cisco router configuration

crypto ipsec transform-set AES_SHA1 ah-sha-hmac esp-aes 256
!
crypto map VPN_AES_SHA1 local-address FastEthernet0/1
crypto map VPN_AES_SHA1 10 ipsec-manual
 set peer 200.200.200.2
 set session-key inbound esp 6666 cipher FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321
 set session-key outbound esp 5555 cipher 1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
 set session-key inbound ah 4444 FEDCBA0987654321FEDCBA0987654321FEDCBA09
 set session-key outbound ah 3333 1234567890ABCDEF1234567890ABCDEF12345678
 set transform-set AES_SHA1
 match address 110
!

...

For the remainder of the configuration (see above), just change the name of the IPsec policy profile in the ACL profile VPN_Out

IPsec tunnel, 3DES encryption with a 192-bit key, ESP authentication with HMAC-MD5-96

OnSite configuration

profile ipsec-transform TDES_MD5
  esp-encryption 3des-cbc 192
  esp-authentication hmac-md5-96

profile ipsec-policy-manual VPN_TDES_MD5
  use profile ipsec-transform TDES_MD5
  session-key inbound esp-authentication 1234567890ABCDEF1234567890ABCDEF
  session-key outbound esp-authentication FEDCBA0987654321FEDCBA0987654321
  session-key inbound esp-encryption 1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
  session-key outbound esp-encryption FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321
  spi inbound esp 7777
  spi outbound esp 8888
  peer 200.200.200.1
  mode tunnel

...

For the remainder of the configuration (see above), just change the name of the IPsec policy profile in the ACL profile VPN_Out
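With manual keying nothing negotiates the SAs, so a mistyped key, a wrong key length or a swapped SPI only shows up as silently dropped traffic. The following checker is an added example, not Patton or Cisco code: it takes the OnSite 3DES/MD5 policy above and a Cisco crypto map constructed by mirroring it (an assumption, since the page cuts that map off), and verifies key lengths against the algorithm names and that each end's inbound SA equals the other end's outbound SA.

```python
import re

# Key sizes (bytes) implied by the algorithm names used in this chapter.
KEY_BYTES = {"3des-cbc": 24, "aes-cbc-256": 32, "hmac-md5-96": 16, "hmac-sha1-96": 20}

def _check_key(side, direction, kind, alg, key, problems):
    """One manual session key must be even-length hex of the algorithm's size."""
    if len(key) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", key):
        problems.append(f"{side} {direction} {kind}: key is not valid hex")
    elif len(key) // 2 != KEY_BYTES[alg]:
        problems.append(f"{side} {direction} {kind}: {len(key) // 2} bytes, "
                        f"{alg} needs {KEY_BYTES[alg]}")

def check_manual_keying(onsite, cisco):
    """Return the inconsistencies between the two ends of a manually keyed ESP
    tunnel (empty list = the SAs mirror each other correctly)."""
    problems = []
    if (onsite["cipher"], onsite["auth"]) != (cisco["cipher"], cisco["auth"]):
        problems.append("transform mismatch: both ends must use the same cipher/auth")
    for side, cfg in (("onsite", onsite), ("cisco", cisco)):
        for direction in ("inbound", "outbound"):
            sa = cfg[direction]
            _check_key(side, direction, "enc", cfg["cipher"], sa["enc"], problems)
            _check_key(side, direction, "auth", cfg["auth"], sa["auth"], problems)
            if sa["spi"] < 256:  # RFC 4303 reserves SPI values 0..255
                problems.append(f"{side} {direction}: SPI {sa['spi']} is reserved")
        if cfg["inbound"]["enc"].upper() == cfg["outbound"]["enc"].upper():
            problems.append(f"{side}: same encryption key in both directions")
    # What one end sends (outbound) is what the other end receives (inbound).
    for a, b in (("inbound", "outbound"), ("outbound", "inbound")):
        for field in ("spi", "enc", "auth"):
            x, y = onsite[a][field], cisco[b][field]
            if str(x).upper() != str(y).upper():
                problems.append(f"onsite {a} {field} ({x}) != cisco {b} {field} ({y})")
    return problems

# Constructed sample: the OnSite 3DES/MD5 manual policy shown on this page and a
# Cisco crypto map built by mirroring it (assumption: the page cuts that map off).
ONSITE = {"cipher": "3des-cbc", "auth": "hmac-md5-96",
          "inbound":  {"spi": 7777, "enc": "1234567890ABCDEF" * 3, "auth": "1234567890ABCDEF" * 2},
          "outbound": {"spi": 8888, "enc": "FEDCBA0987654321" * 3, "auth": "FEDCBA0987654321" * 2}}
CISCO = {"cipher": "3des-cbc", "auth": "hmac-md5-96",
         "inbound": ONSITE["outbound"], "outbound": ONSITE["inbound"]}

if __name__ == "__main__":
    for line in check_manual_keying(ONSITE, CISCO) or ["manual keying is consistent"]:
        print(line)
```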

Cisco router configuration

crypto ipsec transform-set 3DES_MD5 esp-3des esp-md5-hmac
!
crypto map VPN_3DES_MD5 local-address FastEthernet0/1
crypto map VPN_3DES_MD5 10 ipsec-manual
 set peer 200.200.200.2

Sample configurations
