Enterasys Networks XSR-3150 manual GRE over IPSec

Page 29

System Description

Certificates (embedded/smart cards) – Microsoft only

•Encryption

•Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), Data Encryption Standard (DES)

•3DES/DES acceleration

•Data Integrity

•MD5 & SHA-1 algorithms

•Internet Protocol Security (IPsec)

•Encapsulating Security Payload (ESP), Authentication Header (AH) & IPComp

•Tunnel & Transport mode

•Diffie-Hellman Groups 1 & 2

•Mode Config for IP address assignment

•NAT Traversal via UDP encapsulation

•Public Key Infrastructure (PKI)

•Microsoft, Verisign Certificate Authority (CA) support

•Simple Certificate Enrollment Protocol (SCEP)

•Chained CA support

•CRL checking (Hypertext Transfer Protocol [HTTP] & Lightweight Directory Access Protocol (LDAP)

•Network Address Translation (NAT)

•Static NAT, on the interface and port-forwarded static NAT

•PAT (NAPT) by port source and destination address

•Dynamic NAT by source/destination IP address

•Dynamic NAT pool mapping with overload

•PPTP/GRE ALG and arbitrary IP address for NAPT

•Multiple NATs on an interface

•Dynamic Host Configuration Protocol (DHCP)

•DHCP Server

•OSPF over VPN

•DF Bit override

GRE over IPSec

•ToS bit preservation

•IP helper on VPN interfaces

•IETF/Microsoft-compatible NAT traversal for L2TP

•QoS over VPN

XSR Getting Started Guide 1-9

Image 29

Contents Version PeditionSecurity RouterPage Enterasys Networks, Inc Minuteman Road Andover, MA Regulatory Compliance Information Industry Canada Notices Product Safety Supplement to Product Instructions Vcci Notice N826 Enterasys Networks, Inc. Firmware License Agreement Page Page Contents BRI Leased Line BRI Leased Frame Relay BRI Switched Line Index Appendix a SpecificationsXiv About This Guide Contents of the GuideBold/En negrilla FTP Getting HelpXviii System Description OverviewTypical XSR-3150 Topology Hardware FeaturesXSR-3150 Operating System Software FeaturesIndustry-common CLI IP ProtocolSnmp and Statistics Gathering IP RoutingFrame Relay SecurityIntegrated Services Digital Network Isdn BRI/PRI Dynamic Host Configuration Protocol DhcpVirtual Private Network VPN Quality of Service QoSGRE over IPSec Dial Backup Dial ServiceAsynchronous Digital Subscriber Line Adsl Dial-on-Demand/Bandwidth-on-Demand DoD/BoDUnpack the XSR from the shipping box. Remove accessories Installation OverviewInstallation Overview Verifying Your Shipment Installation Site SuggestionsIntroduction Removing XSR Cover Installing NIM Cards and Rack MountingXSR Fastening Rack Brackets CompactFlash Card Installation Installing a CompactFlash Memory CardFormatting the CompactFlash Card CompactFlash Card for the Adsl NIM3150 Connecting Cables11 Connecting High Speed Serial Connector 13 Connecting Adsl Connector 15 Attaching GigabitEthernet Connector 17 Attaching Ethernet LAN NIM Connector 19 Connecting Dual Internal Power Supply Cords Initializing XSR Software Software ConfigurationInitializing XSR Software Opening a COM Console Session Optional Configuring Remote Auto InstallConfiguring RAI for Frame Relay Remote Auto Install Attempting Forever Configuring RAI over Adsl Configuring RAI for Dhcp over LANPppoe limit max-sessions Setting User Name, Privilege and Password Configuring the XSR Name and User InformationSetting the Clock PRI Configuration Configuring the LAN PortsConfiguring the WAN Ports BRI Leased Line BRI ConfigurationBRI Leased Frame Relay BRI Switched LinePPPoA Adsl ConfigurationPPPoE IPoA Firewall Sample ConfigurationXSR Complete LAN and WAN interface configuration Setting Up RIP RoutingConfiguring Frame Relay Point to Point Networks Configure Ospf RoutingSetting Up an Snmp Community String, Traps and V3 Values Configuring Message Logging and Severity Level Connecting Remotely via the Web Viewing Your ConfigurationWeb Product Version Window Pstn LAN-PPP Services Sample ConfigurationXSRconfig-controllerT1-1/0#no shutdown Configure Users and Passwords Frame Relay WAN Link with PPP Backup Sample ConfigurationConfigure LAN Interface Configure Quality of ServiceXSRconfig-pmap-cpriority-policy#priority high 30 Configure WAN/Frame Relay PortApply QoS XSRconfig#interface serial 1/0.2 multipointConfigure More Access Lists Configure Ospf RoutingConfigure DHCP/BOOTP Relay Configure the Dial Backup ConnectionConfigure Snmp Generate Master Encryption Key VPN Site-to-Site Sample ConfigurationConfigure Access Control Lists Configure IKE Policy for Remote Peer Set Up IKE Phase I SecurityConfigure Crypto Maps Create a Transform SetConfiguring VPN at Interface Mode and Setting Up RIP Configuring Authentication AAA VPN Sample Configuration with Network Extension ModeEnable Network Address Translation Create the Isakmp IKE global peer Initialization Output XSR Rebooting CharacteristicsPower-Up Reboot Reboot TriggersPower-up Error Conditions Bootrom Monitor Mode CommandsXSR-3150 bu btXSR300012.fls Verifying btXSR300012.fls file Copy Dir DelFfc Rename RemoveFTP Bootrom Monitor Mode Commands System Specifications SpecificationsWAN Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-3 COM COM Console PortMini-GBIC Fiber, Copper Port GigabitEthernet PortsCopper/Fiber-optic Ethernet NIMs Regulatory/Safety Compliance21 DTE Port Serial NIM Card PortFigure A-8 EIA-232/530 DTE Pin Assignments Figure A-9 EIA-449 DTE Pin Assignments Figure A-10 Combined V.35/EIA-232/530 DTE Pin Assignments Figure A-11 DTE Pin Assignments T1/E1/ISDN PRI T1/E1/ISDN PRI NIM Card PortsFigure A-14 Balun for E1 or PRI Connection Balun for E1 or PRI NIM CardsGrounding Shunt for E1 NIM Cards Installing Shunt/Terminal StripFigure A-17 1-Port T3/E3 NIM Card T3/E3 NIM CardTermination Shunt for the Isdn BRI-S/T NIM Card Port BRI-S/T Isdb NIM Card PortsXSR Getting Started Guide A-17 Figure A-21 Isdn BRI-U NIM Card RJ-49C ports shown Port BRI-U NIM Card PortsFigure A-23 Adsl NIM Card Port Adsl NIM Card PortFigure A-25 T1/E1 D&I NIM Card T1/E1 Drop & Insert D&I NIMLED Behavior CompactFlash Memory CardTX LED Index Index-2