Enterasys Networks XSR-3150 manual Create the Isakmp IKE global peer


VPN Sample Configuration with Network Extension Mode

Create user(s), specify an IP from virtual subnet, and assign a password:

XSR(config)#aaa user nem-test

XSR(config)#password welcome

XSR(config)#aaa user jeffb

XSR(config)#password welcome

Check to make sure the transforms and proposals were created properly:

XSR#show crypto ipsec transform-set

Name                      PFS       ESP   ESP-AH    AH    IPCOMP
----                      ---       ---   ------    --    ------
*ez-esp-3des-sha-pfs      Modp768   3DES  HMAC-SHA  None  None
*ez-esp-3des-sha-no-pfs   Disabled  3DES  HMAC-SHA  None  None
*ez-esp-3des-md5-pfs      Modp768   3DES  HMAC-MD5  None  None
*ez-esp-3des-md5-no-pfs   Disabled  3DES  HMAC-MD5  None  None
*ez-esp-aes-sha-pfs       Modp768   AES   HMAC-SHA  None  None
*ez-esp-aes-sha-no-pfs    Disabled  AES   HMAC-SHA  None  None
*ez-esp-aes-md5-pfs       Modp768   AES   HMAC-MD5  None  None
*ez-esp-aes-md5-no-pfs    Disabled  AES   HMAC-MD5  None  None

XSR#show crypto isakmp proposal

Name                   Authentication  Encrypt  Integrity  Group     Lifetime
----                   --------------  -------  ---------  -----     --------
*ez-ike-3des-sha-psk   PreSharedKeys   3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-psk   PreSharedKeys   3DES     HMAC-MD5   Modp1024  28800
*ez-ike-3des-sha-rsa   RSASignature    3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-rsa   RSASignature    3DES     HMAC-MD5   Modp1024  28800
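The two tables above are what a reviewer checks when deciding whether the built-in ez-* sets are still acceptable. The following script is an added example, not part of the Enterasys manual: it parses the column layout the router prints (sample excerpt constructed from the tables above) and reports which settings fall on a weak list; the list itself (3DES, MD5, DH groups below 2048 bits, PFS disabled) is my assumption about current policy, not a threshold the manual states.

```python
"""Audit XSR 'show crypto ipsec transform-set' / 'show crypto isakmp proposal'
output for legacy settings. Added example; sample output is a constructed
excerpt of the manual's tables, and the WEAK list is an assumed policy."""

# Constructed excerpt of the transform-set table, whitespace-separated columns.
TRANSFORM_SETS = """\
Name                     PFS       ESP   ESP-AH    AH    IPCOMP
----                     ---       ---   ------    --    ------
*ez-esp-3des-sha-pfs     Modp768   3DES  HMAC-SHA  None  None
*ez-esp-3des-sha-no-pfs  Disabled  3DES  HMAC-SHA  None  None
*ez-esp-aes-sha-pfs      Modp768   AES   HMAC-SHA  None  None
*ez-esp-aes-md5-no-pfs   Disabled  AES   HMAC-MD5  None  None
"""

# Constructed excerpt of the ISAKMP proposal table.
PROPOSALS = """\
Name                  Authentication  Encrypt  Integrity  Group     Lifetime
*ez-ike-3des-sha-psk  PreSharedKeys   3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-rsa  RSASignature    3DES     HMAC-MD5   Modp1024  28800
"""

# Assumed policy: legacy cipher/hash, DH groups under 2048 bits, and no PFS.
WEAK = {"3DES", "HMAC-MD5", "Modp768", "Modp1024", "Disabled"}

def parse_table(text):
    """Turn a header row plus data rows into dicts keyed by column name,
    skipping blank lines and the dashed separator line."""
    rows = [ln for ln in text.splitlines() if ln.strip() and not set(ln) <= {"-", " "}]
    header = rows[0].split()
    return [dict(zip(header, row.split())) for row in rows[1:]]

def weak_fields(row):
    """(column, value) pairs of this row whose value is on the WEAK list."""
    return [(col, val) for col, val in row.items() if col != "Name" and val in WEAK]

def audit(text):
    """Map each entry name (leading '*' stripped) to its weak settings."""
    return {row["Name"].lstrip("*"): weak_fields(row) for row in parse_table(text)}

if __name__ == "__main__":
    for table in (TRANSFORM_SETS, PROPOSALS):
        for name, findings in audit(table).items():
            print(name, "OK" if not findings else findings)
```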

Create the ISAKMP IKE global peer:

XSR#crypto isakmp peer 0.0.0.0 0.0.0.0

XSR#config-mode gateway

XSR#exchange-mode aggressive

XSR#proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk

Create the ACLs for the trusted subnet of the XSR and the virtual subnet of the XSR:

XSR(config)#access-list 101 permit ip any 10.11.11.0 0.0.0.255

XSR(config)#access-list 102 permit ip any 10.12.12.0 0.0.0.255

XSR(config)#access-list 103 permit ip any 10.10.10.0 0.0.0.255

Create crypto map statements for each ACL entry with the more protective tunnel mode set by default. Match statements render the associated ACLs bi-directional:

XSR(config)#crypto map test 101

XSR(config)#set transform-set ez-esp-3des-sha-pfs

XSR(config)#match address 101

XSR(config)#crypto map test 102

XSR(config)#set transform-set ez-esp-3des-sha-pfs

XSR(config)#match address 102

XSR(config)#crypto map test 103

XSR(config)#set transform-set ez-esp-3des-sha-pfs

XSR(config)#match address 103
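The peer, ACL and crypto map steps above only work together if every map entry points at an ACL and transform set that actually exist. The checker below is an added example, not Enterasys code: it reads an abbreviated configuration constructed from the commands above (two of the three ACL/map pairs), cross-references the names, and also reports the combination of a 0.0.0.0 0.0.0.0 peer, aggressive mode and a pre-shared-key proposal, because in aggressive mode the Phase 1 authentication hash is exchanged before encryption is established. Detecting PSK from the "-psk" name suffix is an assumption taken from the proposal table, and the known transform-set names are assumed to come from the show command earlier.

```python
# Constructed from the manual's NEM steps (added checker, not Enterasys code).
CONFIG = """\
crypto isakmp peer 0.0.0.0 0.0.0.0
 exchange-mode aggressive
 proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk
access-list 101 permit ip any 10.11.11.0 0.0.0.255
access-list 102 permit ip any 10.12.12.0 0.0.0.255
crypto map test 101
 set transform-set ez-esp-3des-sha-pfs
 match address 101
crypto map test 102
 set transform-set ez-esp-3des-sha-pfs
 match address 102
"""
# Names assumed to be reported by 'show crypto ipsec transform-set'.
KNOWN_SETS = {"ez-esp-3des-sha-pfs", "ez-esp-3des-sha-no-pfs", "ez-esp-aes-sha-pfs"}

def check(config, known_sets):
    """Return finding strings; an empty list means the config cross-checks cleanly."""
    acls, maps, peers, cur = set(), {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "access-list":
            acls.add(tok[1])
        elif tok[:2] == ["crypto", "map"]:            # start of a crypto map entry
            cur = maps[f"{tok[2]} {tok[3]}"] = {}
        elif tok[:3] == ["crypto", "isakmp", "peer"]:  # start of a peer block
            cur = {"addr": " ".join(tok[3:5]), "mode": None, "psk": False}
            peers.append(cur)
        elif tok[:2] == ["set", "transform-set"]:
            cur["set"] = tok[2]
        elif tok[:2] == ["match", "address"]:
            cur["acl"] = tok[2]
        elif tok[0] == "exchange-mode":
            cur["mode"] = tok[1]
        elif tok[0] == "proposal":                     # PSK assumed from the -psk suffix
            cur["psk"] = any(p.endswith("-psk") for p in tok[1:])
    findings = []
    for name, m in maps.items():
        if m.get("acl") not in acls:
            findings.append(f"{name}: match address {m.get('acl')} has no access-list")
        if m.get("set") not in known_sets:
            findings.append(f"{name}: transform-set {m.get('set')} is not defined")
    for p in peers:
        if p["addr"] == "0.0.0.0 0.0.0.0" and p["mode"] == "aggressive" and p["psk"]:
            findings.append("wildcard peer negotiates aggressive mode with pre-shared keys")
    return findings
```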

3-32 Software Configuration
