Allied Telesis NetScreen Routers manual How to use the CLI instead of the GUI

Page 30

How to use the CLI instead of the GUI

This section gives an example of the Allied Telesis CLI commands that you need to enter for the IP, firewall, IPsec and ISAKMP aspects of this configuration.

# IP configuration

enable ip

add ip int=vlan1 ip=192.168.1.1

add ip int=eth0 ip=192.168.254.1 mask=255.255.255.252

add ip rou=0.0.0.0 mask=0.0.0.0 int=eth0 next=192.168.254.2

#Firewall configuration

enable firewall

create firewall policy=guilan

enable firewall policy=guilan icmp_f=ping

add firewall policy=guilan int=vlan1 type=private

add firewall policy=guilan int=eth0 type=public

add firewall poli=guilan nat=enhanced int=vlan1 gblint=eth0

add firewall poli=guilan rule=1 action=allow int=eth0 protocol=udp port=500 ip=192.168.254.1 gblip=192.168.254.1 gblport=500

add firewall poli=guilan rule=2 action=allow int=eth0 protocol=udp port=4500 ip=192.168.254.1 gblip=192.168.254.1 gblport=4500

add firewall poli=guilan rule=3 action=nonat int=eth0 protocol=ALL encap=ipsec

add firewall poli=guilan rule=4 action=nonat int=vlan1 protocol=ALL ip=192.168.1.1-192.168.1.254

set firewall poli=guilan rule=4 remote=192.168.2.1-192.168.2.254

# IPSEC configuration

create ipsec saspec=0 key=isakmp protocol=esp encalg=3desouter hashalg=sha

set ipsec saspec=0 antireplay=true

create ipsec bundle=0 key=isakmp string="0" expirysec=3600

create ipsec policy=eth0allowISAKMP int=eth0 action=permit

set ipsec policy=eth0allowISAKMP lport=500 transportprotocol=UDP

create ipsec policy=eth0allowISAKMPF int=eth0 action=permit

set ipsec policy=eth0allowISAKMPF lport=4500

create ipsec policy=wiz_AT-to-Sonic int=eth0 action=ipsec key=isakmp bundle=0 peer=200.200.200.1 isakmp=wiz_AT-to-Sonic

set ipsec policy=wiz_AT-to-Sonic laddress=192.168.1.0 lmask=255.255.255.0 raddress=192.168.2.0 rmask=255.255.255.0

set ipsec policy=wiz_AT-to-Sonic respondbadspi=TRUE

create ipsec policy=eth0allow int=eth0 action=permit

enable ipsec

# ISAKMP configuration

create isakmp policy=wiz_AT-to-Sonic peer=200.200.200.1 encalg=3desouter key=0 natt=true

set isakmp policy=wiz_AT-to-Sonic expirysec=28800 group=2

set isakmp policy=wiz_AT-to-Sonic sendd=true sendn=true

set isakmp policy=wiz_AT-to-Sonic localid="AlliedTelesis" remotei="SonicWALL"

enable isakmp
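The firewall, IPsec and ISAKMP commands above only work as a tunnel when they agree with each other: the public interface must let IKE (UDP 500) and NAT-T (UDP 4500) reach the router, the nonat rule must exempt exactly the subnets the IPsec policy selects, and the IPsec and ISAKMP policies must name the same peer. The following script is an added example, not part of this How To Note or of AlliedWare OS; it parses the key=value command style shown on this page (expanding the poli= abbreviation) and reports inconsistencies. SAMPLE_CONFIG is a constructed excerpt of the page's commands, and the check names and messages are the script's own.

```python
"""Consistency checks over an AlliedWare OS site-to-site VPN configuration.

Added example, not from the How To Note. It parses the key=value CLI commands
listed on the page and checks that the firewall, IPsec and ISAKMP parts agree.
SAMPLE_CONFIG is a constructed excerpt of the page's commands.
"""
import ipaddress

SAMPLE_CONFIG = """
add firewall policy=guilan int=vlan1 type=private
add firewall policy=guilan int=eth0 type=public
add firewall poli=guilan rule=1 action=allow int=eth0 protocol=udp port=500 ip=192.168.254.1 gblip=192.168.254.1 gblport=500
add firewall poli=guilan rule=2 action=allow int=eth0 protocol=udp port=4500 ip=192.168.254.1 gblip=192.168.254.1 gblport=4500
add firewall poli=guilan rule=3 action=nonat int=eth0 protocol=ALL encap=ipsec
add firewall poli=guilan rule=4 action=nonat int=vlan1 protocol=ALL ip=192.168.1.1-192.168.1.254
set firewall poli=guilan rule=4 remote=192.168.2.1-192.168.2.254
create ipsec saspec=0 key=isakmp protocol=esp encalg=3desouter hashalg=sha
set ipsec saspec=0 antireplay=true
create ipsec bundle=0 key=isakmp string="0" expirysec=3600
create ipsec policy=wiz_AT-to-Sonic int=eth0 action=ipsec key=isakmp bundle=0 peer=200.200.200.1 isakmp=wiz_AT-to-Sonic
set ipsec policy=wiz_AT-to-Sonic laddress=192.168.1.0 lmask=255.255.255.0 raddress=192.168.2.0 rmask=255.255.255.0
create isakmp policy=wiz_AT-to-Sonic peer=200.200.200.1 encalg=3desouter key=0 natt=true
set isakmp policy=wiz_AT-to-Sonic expirysec=28800 group=2
"""

# Abbreviated keywords as they appear on the page, expanded to their full form.
ALIASES = {"poli": "policy"}


def parse(config_text):
    """Split each command into (verb, module, {keyword: value})."""
    commands = []
    for line in config_text.strip().splitlines():
        parts = line.split()
        params = {}
        for token in parts[2:]:
            key, _, value = token.partition("=")
            key = key.lower()
            params[ALIASES.get(key, key)] = value.strip('"')
        commands.append((parts[0].lower(), parts[1].lower(), params))
    return commands


def collect(commands, module, id_key):
    """Merge add/create/set commands for one object type, keyed by id_key."""
    objects = {}
    for _verb, mod, params in commands:
        if mod == module and id_key in params:
            objects.setdefault(params[id_key], {}).update(params)
    return objects


def ip_range(text):
    """'first-last' (or a single address) -> (first, last) address objects."""
    first, _, last = text.partition("-")
    return ipaddress.ip_address(first), ipaddress.ip_address(last or first)


def covers_hosts(rng, network):
    """True when the range includes every usable host address of the network."""
    hosts = list(network.hosts())
    return rng[0] <= hosts[0] and rng[1] >= hosts[-1]


def check_vpn_config(config_text):
    """Return a list of findings; an empty list means the parts agree."""
    commands = parse(config_text)
    public_ifs = {p["int"] for _v, m, p in commands
                  if m == "firewall" and p.get("type") == "public"}
    rules = collect(commands, "firewall", "rule")
    isakmp_policies = collect(commands, "isakmp", "policy")
    findings = []

    def udp_allowed(iface, port):
        return any(r.get("action") == "allow" and r.get("int") == iface
                   and r.get("protocol", "").lower() == "udp"
                   and r.get("port") == str(port) for r in rules.values())

    for name, pol in collect(commands, "ipsec", "policy").items():
        if pol.get("action") != "ipsec":
            continue  # permit policies for ISAKMP traffic carry no subnets
        iface = pol.get("int")
        ike = isakmp_policies.get(pol.get("isakmp", ""), {})
        # 1. IKE (UDP 500) and, with NAT-T, UDP 4500 must pass the public side.
        if iface in public_ifs and not udp_allowed(iface, 500):
            findings.append(f"{name}: no firewall rule allows UDP 500 on {iface}")
        if (iface in public_ifs and ike.get("natt", "").lower() == "true"
                and not udp_allowed(iface, 4500)):
            findings.append(f"{name}: natt=true but no rule allows UDP 4500 on {iface}")
        # 2. The IPsec policy and the ISAKMP policy it names must share a peer.
        if ike.get("peer") != pol.get("peer"):
            findings.append(f"{name}: ipsec peer {pol.get('peer')} differs from "
                            f"isakmp peer {ike.get('peer')}")
        # 3. A nonat rule must exempt the whole local/remote subnet pair,
        #    otherwise NATed packets never match the tunnel selectors.
        local = ipaddress.ip_network(f"{pol['laddress']}/{pol['lmask']}")
        remote = ipaddress.ip_network(f"{pol['raddress']}/{pol['rmask']}")
        if not any(r.get("action") == "nonat" and "ip" in r and "remote" in r
                   and covers_hosts(ip_range(r["ip"]), local)
                   and covers_hosts(ip_range(r["remote"]), remote)
                   for r in rules.values()):
            findings.append(f"{name}: no nonat rule covers {local} <-> {remote}")
    # 4. Replay protection should be on for every SA specification.
    for sid, spec in collect(commands, "ipsec", "saspec").items():
        if spec.get("antireplay", "").lower() != "true":
            findings.append(f"saspec {sid}: antireplay is not enabled")
    return findings


if __name__ == "__main__":
    print(check_vpn_config(SAMPLE_CONFIG) or ["configuration is consistent"])
```

Run against the page's own commands the checker returns no findings. Narrowing the remote range of rule 4, changing the UDP 4500 rule or turning antireplay off each produces a finding, which is the kind of drift that silently breaks a tunnel after a later GUI or CLI edit.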

Page 30 AlliedWare™ OS How To Note: VPNs with SonicWALL routers
