Enterasys Networks XSR-Series manual VPN via Dialer Interface rtr2


5.4.2 VPN via Dialer Interface rtr2

XSR-1805-2#show running-config
!!
!Version 6.0.0.9, Built Dec 12 2003, 14:56:30
hostname XSR-1805-2
interface bri 0/2/0
 isdn switch-type basic-net3
 no shutdown
 dialer pool-member 1 priority 0
access-list 102 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 102 permit ip any host 1.1.1.1
access-list 130 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
!
crypto isakmp proposal ISDN
 authentication pre-share
!
crypto isakmp peer 1.1.1.1 255.255.255.255
 proposal ISDN
!
crypto ipsec transform-set isdntr esp-3des esp-md5-hmac
 set pfs group2
 no set security-association lifetime kilobytes
!
crypto map myisdn 10
 set transform-set isdntr
 match address 130
 set peer 1.1.1.1
!
interface FastEthernet 1
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
interface Dialer1
 crypto map myisdn
 dialer pool 1
 dialer string 110
 encapsulation ppp
 dialer-group 1
 ip address 1.1.1.2 255.255.255.0
 no shutdown
!
ip route 20.20.20.0 255.255.255.0 1.1.1.1
!
dialer-list 1 protocol ip list 102
!
end

XSR-1805-1(config)#aaa user 1.1.1.1
XSR-1805-1(config-aaa)#password XSR
XSR-1805-2#

Configuration Guide
