ADTRAN Internet-Based WAN Backup manual Ip firewall fast-nat-failover

The Internet as an Alternative

Internet-based WAN Backup Solutions using NetVanta

ip firewall fast-nat-failover
!
!If using the PPPoE and Dial-up ISP connections for local Internet access
!and using 'NAT source' with the address of the currently active interface, the
!previous command is necessary to allow sessions started on one interface to be
!terminated when the route to the destination switches to the other interface.
!
ip crypto
!
crypto ike policy 100
 initiate aggressive
 no respond
 local-id fqdn REMOTE
 peer 10.254.255.85
 attribute 10
  authentication pre-share
  group 2
  lifetime 300
!
crypto ike remote-id fqdn CENTRAL. preshared-key 1234567890
!
crypto ipsec transform-set dessha esp-des esp-sha-hmac
 mode tunnel
!
!separate crypto maps are used to allow for future customization of
!individual VPN connections if needed
!
crypto map HOSTviaDIAL 100 ipsec-ike
 match address REMOTE_to_CENTRAL
 set peer 10.254.255.85
 set transform-set dessha
 set security-association lifetime seconds 600
 set pfs group2
!
crypto map HOSTviaPoE 100 ipsec-ike
 match address REMOTE_to_CENTRAL
 set peer 10.254.255.85
 set transform-set dessha
 set security-association lifetime seconds 600
 set pfs group2
!
!
interface eth 0/1
 description Local Lan Interface
 ip address 10.1.1.254 255.255.255.240
 access-policy LOCALLAN
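
An added example, not part of the ADTRAN guide: a small Python check that reads an AOS-style configuration like the listing above and reports IKE/IPsec settings that are weak by current standards (single DES, Diffie-Hellman groups 1 and 2, aggressive mode combined with a pre-shared key, and a short or digits-only key). The function names and the 20-character key threshold are assumptions of this example.

```python
import re

# Sample input: excerpt of the crypto stanzas from the listing above.
SAMPLE = """\
crypto ike policy 100
 initiate aggressive
 no respond
 attribute 10
  authentication pre-share
  group 2
  lifetime 300
!
crypto ike remote-id fqdn CENTRAL. preshared-key 1234567890
!
crypto ipsec transform-set dessha esp-des esp-sha-hmac
 mode tunnel
!
crypto map HOSTviaDIAL 100 ipsec-ike
 set transform-set dessha
 set pfs group2
"""

def stanzas(config):
    """Yield each stanza as one string; lines starting with '!' separate stanzas."""
    for part in re.split(r"(?m)^[ \t]*!.*$", config):
        joined = " ".join(part.split())  # also tolerates flattened or blank-padded text
        if joined:
            yield joined

def audit(config, min_psk_len=20):  # threshold is this example's assumption
    """Return (stanza, finding) pairs for weak IKE/IPsec settings."""
    findings = []
    for s in stanzas(config):
        name = " ".join(s.split()[:4])  # first four tokens identify the stanza
        if re.search(r"\besp-des\b", s):
            findings.append((name, "single DES (56-bit key) for ESP"))
        if re.search(r"\bgroup ?[12]\b", s):  # matches 'group 2' and 'pfs group2'
            findings.append((name, "DH group 1 or 2 (768/1024-bit MODP)"))
        if "initiate aggressive" in s and "authentication pre-share" in s:
            findings.append((name, "aggressive mode with pre-shared key"))
        m = re.search(r"\bpreshared-key (\S+)", s)
        if m and (m.group(1).isdigit() or len(m.group(1)) < min_psk_len):
            findings.append((name, "short or digits-only pre-shared key"))
    return findings

if __name__ == "__main__":
    print(*(f"{n}: {f}" for n, f in audit(SAMPLE)), sep="\n")
```
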

Copyright © 2005 ADTRAN, Inc.

61200890L1-29.4A
