3Com 11.1 - page 53

Configuring IPsec 55

Figure 1 VPN PPTP Tunnel

On router 1, set up the tunnel from 170.0.0.1 to 180.0.0.1 by following these

steps.

1Set the system name to "router1" by entering:

SETDefault scid = "router1"

2Create a virtual port to accept connection requests from only router 2 by entering:

ADD !v1 -POrt VirtualPort scid "router2"

3Assign an IP address to the tunnel virtual port by entering:

SETDefault !v1 -IP NETaddr =20.0.0.1 255.255.0.0

4Create a route between the two tunnel endpoints by entering:

ADD -IP ROUte 180.0.0.1 !1 1

5Create a router manually to route trafﬁc over a PPTP tunnel by entering the

following or turn on routing protocols on the corresponding virtual port:

ADD -IP ROUte 140.0.0.0 255.255.0.0 !v1 1

6Assign peer's dial number to PPTP tunnel dial number list by entering:

ADD !v1 -POrt DialNoList"@170.0.0.1" Type=pptp

7Optionally, set the dial idle time-out to zero to keep the tunnel from timing out by

entering:

SETDefault !v1 -POrt DialIdleTime = 0

8Enable Layer 2 Tunnelling by entering:

SETDefault -L2Tunnel CONTrol=Enable

9Conﬁgure an IPSEC policy/security association by entering:

ADD !1 -IPSEC manualPOLicy pptp_ahesp AhEspXport tcp,gre 170.0.0.1

180.0.0.1

ADD -IPSEC KeySet pptp_key EncryptKey "Hello572" AuthKey "world329"

SETDefault !1 -IPSEC ManualKeyInfo=pptp_ahesp pptp_key SpiEsp 500 501

SpiAh 600 601

SETDefault !1 -IPSEC CONTrol=Enable

Network

140.0.0.0

Network

130.0.0.0

Router 2

Router 1

!1

170.0.0.1 !1

180.0.0.1

!V1

20.0.0.2

!V1

20.0.0.1

Internet

PPTP tunnel

Contents

Main 3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145 C ONTENTS OTES N ELEASE Page Page Page Page NETB UILDER OTES ELEASE S Supported Platforms New Products Supported PC Flash Memory Cards Approved DRAM SIMMs New Features Page Page Page Page Page New Features Application Notes Page Page 11.1 Software Packages Table 4 NETBuilder II Software Features Table 4 NETBuilder II Software Features (continued) Table 5 NETBuilder II Firmware Requirements SuperStack II SI Table 6 lists the software features of each package for SuperStack II SI Table 5 NETBuilder II Firmware Requirements Table 6 SuperStack II NETBuilder SI Software Features Table 6 SuperStack II NETBuilder SI Software Features (continued) SuperStack II Token Ring Table 7 lists software features for each package for the SuperStack II Table 6 SuperStack II NETBuilder SI Software Features (continued) Table 7 SuperStack II NETBuilder Ethernet and Token Ring Features OfceConnect Table 8 and Table 9 list software features for each package for OfceConnect Table 7 SuperStack II NETBuilder Ethernet and Token Ring Features (continued) Table 8 OfceConnect NETBuilder Software Features Table 8 OfceConnect NETBuilder Software Features (continued) Table 9 Additional OfceConnect NETBuilder Models Software Features Table 8 OfceConnect NETBuilder Software Features (continued) Page Page Item Not Supported NETBuilder Upgrade Management Utilities Page Upgrade Management Known Issues Page Notes and Cautions Page Page Page Page Known Problems Page Page Page Page Page Limitations Page Page Page Page 17 Conguring IPsec Page Page Page Page How IPsec Works Page Page Page 33 CONFiguration CONTrol KeyEncryptionKey KeySet ManualKeyInfo manualPOLicy Page Page Page 60 CONFiguration CONTrol MaxFlowRate REQuest RESerVation UDPEndcap 69 AllRoutes ROUte Page Page 71 Page 77