Enterasys Networks XSR-3150 manual Configuring VPN at Interface Mode and Setting Up RIP

Page 73

VPN Site-to-Site Sample Configuration

XSR(config)#crypto map acme 91

XSR(config-crypto-m)#set transform-set esp-3des-sha

XSR(config-crypto-m)#match address 191

XSR(config-crypto-m)#set peer 112.16.244.7

XSR(config)#crypto map acme 90

XSR(config-crypto-m)#set transform-set esp-3des-sha

XSR(config-crypto-m)#match address 190

XSR(config-crypto-m)#set peer 112.16.244.9

Configuring VPN at Interface Mode and Setting Up RIP

The following commands configure the LAN physical ports as follows: GigabitEthernet port 1 is designated Internal LAN, with the specified IP address/subnet as the designated network. GigabitEthernet port 2 is named VPN Cloud, assigned crypto map acme with associated ACLs, and directed not to transmit or receive RIP updates. Also, RIP routing and four IP routes are configured as well as a VPN interface for AAA service.

XSR(config)#interface gigabitethernet 1

XSR(config-if<F1>)#description “Internal LAN”

XSR(config-if<F1>)#no shutdown

XSR(config-if<F1>)#ip address 112.16.1.221/24

XSR(config)#interface gigabitethernet 2

XSR(config-if<F2>)#crypto map acme

XSR(config-if<F2>)#description “VPN Cloud”

XSR(config-if<F2>)#no shutdown

XSR(config-if<F2>)#ip access-group 101 in

XSR(config-if<F2>)#ip access-group 101 out

XSR(config-if<F2>)#ip address 112.16.244.10/24

XSR(config)#interface vpn 57 multi-point

XSR(config-int-vpn)#ip address 192.168.2.1 255.255.255.0

XSR(config)#router rip

XSR(config-router)#network 112.16.10.0

XSR(config-router)#passive-interface gigabitethernet 2

XSR(config-router)#no receive-interface gigabitethernet 2

XSR(config-router)#distribute-list 1 out vpn 1

XSR(config)#ip route 0.0.0.0 0.0.0.0 112.16.244.9

XSR(config)#ip route 112.16.72.0/24 112.16.244.9

XSR(config)#ip route 112.16.76.0/24 112.16.244.7

XSR(config)#ip route 112.16.80.0/24 112.16.244.5

XSR Getting Started Guide 3-29

Page 72 Page 74
Image 73
Page 72 Page 74
Contents Version PeditionSecurity RouterPage Enterasys Networks, Inc Minuteman Road Andover, MA Regulatory Compliance Information Industry Canada Notices Product Safety Supplement to Product Instructions Vcci Notice N826 Enterasys Networks, Inc. Firmware License Agreement Page Page Contents BRI Leased Line BRI Leased Frame Relay BRI Switched Line Index Appendix a SpecificationsXiv About This Guide Contents of the GuideBold/En negrilla FTP Getting HelpXviii System Description OverviewTypical XSR-3150 Topology Hardware FeaturesXSR-3150 Operating System Software FeaturesIndustry-common CLI IP ProtocolSnmp and Statistics Gathering IP RoutingFrame Relay SecurityIntegrated Services Digital Network Isdn BRI/PRI Dynamic Host Configuration Protocol DhcpVirtual Private Network VPN Quality of Service QoSGRE over IPSec Dial Backup Dial ServiceAsynchronous Digital Subscriber Line Adsl Dial-on-Demand/Bandwidth-on-Demand DoD/BoDUnpack the XSR from the shipping box. Remove accessories Installation OverviewInstallation Overview Introduction Installation Site SuggestionsVerifying Your Shipment Removing XSR Cover Installing NIM Cards and Rack MountingXSR Fastening Rack Brackets CompactFlash Card Installation Installing a CompactFlash Memory CardFormatting the CompactFlash Card CompactFlash Card for the Adsl NIM3150 Connecting Cables11 Connecting High Speed Serial Connector 13 Connecting Adsl Connector 15 Attaching GigabitEthernet Connector 17 Attaching Ethernet LAN NIM Connector 19 Connecting Dual Internal Power Supply Cords Initializing XSR Software Software ConfigurationInitializing XSR Software Configuring RAI for Frame Relay Optional Configuring Remote Auto InstallOpening a COM Console Session Remote Auto Install Attempting Forever Configuring RAI over Adsl Configuring RAI for Dhcp over LANPppoe limit max-sessions Setting the Clock Configuring the XSR Name and User InformationSetting User Name, Privilege and Password Configuring the WAN Ports Configuring the LAN PortsPRI Configuration BRI Leased Line BRI ConfigurationBRI Leased Frame Relay BRI Switched LinePPPoE Adsl ConfigurationPPPoA IPoA Firewall Sample ConfigurationXSR Complete LAN and WAN interface configuration Setting Up RIP RoutingConfiguring Frame Relay Point to Point Networks Configure Ospf RoutingSetting Up an Snmp Community String, Traps and V3 Values Configuring Message Logging and Severity Level Connecting Remotely via the Web Viewing Your ConfigurationWeb Product Version Window Pstn LAN-PPP Services Sample ConfigurationXSRconfig-controllerT1-1/0#no shutdown Configure Users and Passwords Frame Relay WAN Link with PPP Backup Sample ConfigurationConfigure LAN Interface Configure Quality of ServiceXSRconfig-pmap-cpriority-policy#priority high 30 Configure WAN/Frame Relay PortApply QoS XSRconfig#interface serial 1/0.2 multipointConfigure More Access Lists Configure Ospf RoutingConfigure DHCP/BOOTP Relay Configure the Dial Backup ConnectionConfigure Snmp Configure Access Control Lists VPN Site-to-Site Sample ConfigurationGenerate Master Encryption Key Configure IKE Policy for Remote Peer Set Up IKE Phase I SecurityConfigure Crypto Maps Create a Transform SetConfiguring VPN at Interface Mode and Setting Up RIP Configuring Authentication AAA VPN Sample Configuration with Network Extension ModeEnable Network Address Translation Create the Isakmp IKE global peer Initialization Output XSR Rebooting CharacteristicsPower-Up Reboot Reboot TriggersPower-up Error Conditions Bootrom Monitor Mode CommandsXSR-3150 bu btXSR300012.fls Verifying btXSR300012.fls file Copy Dir DelFfc Rename RemoveFTP Bootrom Monitor Mode Commands System Specifications SpecificationsWAN Cable, CompactFlash and Accessory SpecificationsXSR Getting Started Guide A-3 COM COM Console PortMini-GBIC Fiber, Copper Port GigabitEthernet PortsCopper/Fiber-optic Ethernet NIMs Regulatory/Safety Compliance21 DTE Port Serial NIM Card PortFigure A-8 EIA-232/530 DTE Pin Assignments Figure A-9 EIA-449 DTE Pin Assignments Figure A-10 Combined V.35/EIA-232/530 DTE Pin Assignments Figure A-11 DTE Pin Assignments T1/E1/ISDN PRI T1/E1/ISDN PRI NIM Card PortsFigure A-14 Balun for E1 or PRI Connection Balun for E1 or PRI NIM CardsGrounding Shunt for E1 NIM Cards Installing Shunt/Terminal StripFigure A-17 1-Port T3/E3 NIM Card T3/E3 NIM CardTermination Shunt for the Isdn BRI-S/T NIM Card Port BRI-S/T Isdb NIM Card PortsXSR Getting Started Guide A-17 Figure A-21 Isdn BRI-U NIM Card RJ-49C ports shown Port BRI-U NIM Card PortsFigure A-23 Adsl NIM Card Port Adsl NIM Card PortFigure A-25 T1/E1 D&I NIM Card T1/E1 Drop & Insert D&I NIMLED Behavior CompactFlash Memory CardTX LED Index Index-2
Top Page Image Contents