3Com 11.1 manual Assign an IP address to the tunnel virtual port by entering

Configuring IPsec

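Figure 1 VPN PPTP Tunnel (diagram not reproduced; labels: networks 140.0.0.0 and 130.0.0.0, Router 1 and Router 2 with port !1 addresses 170.0.0.1 and 180.0.0.1, the Internet between them, and a PPTP tunnel between virtual ports !V1 addressed 20.0.0.2 and 20.0.0.1)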

On router 1, set up the tunnel from 170.0.0.1 to 180.0.0.1 by following these steps.

1 Set the system name to "router1" by entering:

SETDefault scid = "router1"

2 Create a virtual port to accept connection requests from only router 2 by entering:

ADD !v1 -POrt VirtualPort scid "router2"

3 Assign an IP address to the tunnel virtual port by entering:

SETDefault !v1 -IP NETaddr = 20.0.0.1 255.255.0.0

4 Create a route between the two tunnel endpoints by entering:

ADD -IP ROUte 180.0.0.1 !1 1

5 Create a route manually to route traffic over the PPTP tunnel by entering the following, or turn on routing protocols on the corresponding virtual port:

ADD -IP ROUte 140.0.0.0 255.255.0.0 !v1 1

6 Assign the peer's dial number to the PPTP tunnel dial number list by entering:

ADD !v1 -POrt DialNoList "@170.0.0.1" Type=pptp

7 Optionally, set the dial idle time-out to zero to keep the tunnel from timing out by entering:

SETDefault !v1 -POrt DialIdleTime = 0

8 Enable Layer 2 Tunnelling by entering:

SETDefault -L2Tunnel CONTrol=Enable

9 Configure an IPsec policy/security association by entering:

ADD !1 -IPSEC manualPOLicy pptp_ahesp AhEspXport tcp,gre 170.0.0.1 180.0.0.1

ADD -IPSEC KeySet pptp_key EncryptKey "Hello572" AuthKey "world329"

SETDefault !1 -IPSEC ManualKeyInfo=pptp_ahesp pptp_key SpiEsp 500 501 SpiAh 600 601

SETDefault !1 -IPSEC CONTrol=Enable
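
The cross-references in step 9 are easy to break when the commands are retyped on the second router, so the following added example (not from the 3Com manual) checks them in Python. It assumes the field order seen in the commands above, requires the policy to cover both tcp and gre as the page's policy does (PPTP uses a TCP control connection and GRE for data), and rejects SPI values 0-255, which the IPsec RFCs reserve; lint and STEP9 are names chosen here.

```python
import re

# Step 9 commands as given for router 1 in the procedure above.
STEP9 = """
ADD !1 -IPSEC manualPOLicy pptp_ahesp AhEspXport tcp,gre 170.0.0.1 180.0.0.1
ADD -IPSEC KeySet pptp_key EncryptKey "Hello572" AuthKey "world329"
SETDefault !1 -IPSEC ManualKeyInfo=pptp_ahesp pptp_key SpiEsp 500 501 SpiAh 600 601
SETDefault !1 -IPSEC CONTrol=Enable
"""

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    policies, keysets, bindings, enabled = {}, set(), [], set()
    for line in text.splitlines():
        tok = re.sub(r"\s*=\s*", "=", line.strip()).split()
        low = [t.lower() for t in tok]
        if len(tok) < 3:
            continue
        port = tok[1] if tok[1].startswith("!") else None
        if "manualpolicy" in low:
            i = low.index("manualpolicy")
            # Assumed field order: name, AhEspXport, protocol list, addresses.
            policies[tok[i + 1]] = (port, set(low[i + 3].split(",")))
        elif "keyset" in low:
            keysets.add(tok[low.index("keyset") + 1])
        elif any(t.startswith("manualkeyinfo=") for t in low):
            i = next(n for n, t in enumerate(low) if t.startswith("manualkeyinfo="))
            spis = [int(t) for t in tok[i + 2:] if t.isdigit()]
            bindings.append((port, tok[i].split("=", 1)[1], tok[i + 1], spis))
        elif "control=enable" in low and "-ipsec" in low:
            enabled.add(port)
    findings = []
    for port, pol, ks, spis in bindings:
        if pol not in policies:
            findings.append(f"ManualKeyInfo names unknown policy {pol}")
        elif policies[pol][0] != port:
            findings.append(f"policy {pol} is not defined on port {port}")
        if ks not in keysets:
            findings.append(f"ManualKeyInfo names unknown key set {ks}")
        if len(set(spis)) != len(spis):
            findings.append(f"SPI values repeat: {spis}")
        if any(s <= 255 for s in spis):
            findings.append(f"SPI in reserved range 0-255: {spis}")
        if port not in enabled:
            findings.append(f"IPsec is not enabled on port {port}")
    for name, (port, protos) in policies.items():
        if not {"tcp", "gre"} <= protos:
            findings.append(f"policy {name} does not cover both tcp and gre")
    return findings
```

Calling lint(STEP9) returns an empty list for the commands as printed; a mistyped key set name, a dropped gre, or a reused SPI each produce one finding.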
