Configuring IPsec

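Figure 1 VPN PPTP Tunnel

[Figure: Router 1 (170.0.0.1) and Router 2 (180.0.0.1) each connect to the Internet through port !1. A PPTP tunnel joins virtual port !V1 on each router (20.0.0.1 on router 1 and 20.0.0.2 on router 2). The networks shown behind the routers are 130.0.0.0 and 140.0.0.0.]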

On router 1, set up the tunnel from 170.0.0.1 to 180.0.0.1 by following these steps.

1 Set the system name to "router1" by entering:

SETDefault scid = "router1"

2 Create a virtual port to accept connection requests from only router 2 by entering:

ADD !v1 -POrt VirtualPort scid "router2"

3 Assign an IP address to the tunnel virtual port by entering:

SETDefault !v1 -IP NETaddr = 20.0.0.1 255.255.0.0

4 Create a route between the two tunnel endpoints by entering:

ADD -IP ROUte 180.0.0.1 !1 1

5 Create a route manually to send traffic over the PPTP tunnel by entering the following, or turn on routing protocols on the corresponding virtual port:

ADD -IP ROUte 140.0.0.0 255.255.0.0 !v1 1

6 Assign the peer's dial number to the PPTP tunnel dial number list by entering:

ADD !v1 -POrt DialNoList "@170.0.0.1" Type=pptp

7 Optionally, set the dial idle time-out to zero to keep the tunnel from timing out by entering:

SETDefault !v1 -POrt DialIdleTime = 0

8 Enable Layer 2 Tunnelling by entering:

SETDefault -L2Tunnel CONTrol=Enable

9 Configure an IPSEC policy/security association by entering:

ADD !1 -IPSEC manualPOLicy pptp_ahesp AhEspXport tcp,gre 170.0.0.1 180.0.0.1

ADD -IPSEC KeySet pptp_key EncryptKey "Hello572" AuthKey "world329"

SETDefault !1 -IPSEC ManualKeyInfo=pptp_ahesp pptp_key SpiEsp 500 501 SpiAh 600 601

SETDefault !1 -IPSEC CONTrol=Enable
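
An added example, not from the 3Com manual: a small Python audit of the step 9 commands that bounds the strength of the quoted keys and checks the SPI values and the policy and key set name references. It recognises only the command spellings shown on this page; the function names and the 80-bit threshold are assumptions made for illustration.

```python
import math
import re
import string
# Step 9 commands as shown on this page (router 1).
CONFIG = '''\
ADD !1 -IPSEC manualPOLicy pptp_ahesp AhEspXport tcp,gre 170.0.0.1 180.0.0.1
ADD -IPSEC KeySet pptp_key EncryptKey "Hello572" AuthKey "world329"
SETDefault !1 -IPSEC ManualKeyInfo=pptp_ahesp pptp_key SpiEsp 500 501 SpiAh 600 601
SETDefault !1 -IPSEC CONTrol=Enable
'''

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_bits(key):
    """Upper bound on key entropy in bits, assuming every character was drawn
    uniformly from the character classes that occur in the key."""
    alphabet = sum(len(c) for c in CLASSES if set(c) & set(key))
    return len(key) * math.log2(alphabet) if alphabet else 0.0

def audit(config, min_bits=80):  # min_bits: assumed review threshold
    """Return (severity, message) findings for manually keyed IPsec."""
    findings = []
    policies = set(re.findall(r'-IPSEC manualPOLicy (\S+)', config))
    keysets = {}
    for name, enc, auth in re.findall(
            r'-IPSEC KeySet (\S+) EncryptKey "([^"]*)" AuthKey "([^"]*)"', config):
        keysets[name] = (enc, auth)
        for label, key in (("EncryptKey", enc), ("AuthKey", auth)):
            bits = charset_bits(key)
            if bits < min_bits:
                findings.append(("HIGH", f"{name} {label}: at most {bits:.1f} bits"))
        if enc == auth:
            findings.append(("HIGH", f"{name}: EncryptKey and AuthKey are identical"))
    for m in re.finditer(
            r'ManualKeyInfo=(\S+) (\S+) SpiEsp (\d+) (\d+) SpiAh (\d+) (\d+)', config):
        pol, ks = m.group(1, 2)
        spis = [int(s) for s in m.group(3, 4, 5, 6)]
        if pol not in policies or ks not in keysets:
            findings.append(("HIGH", f"ManualKeyInfo names undefined {pol}/{ks}"))
        if min(spis) < 256:
            # SPI 0 is reserved and 1-255 are reserved by IANA (RFC 4303).
            findings.append(("MEDIUM", f"SPIs {spis} include a value below 256"))
        findings.append(("INFO", f"{pol}: static keys, no automatic rekeying"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(CONFIG):
        print(severity, message)
```

The bit counts are upper bounds: a key built from a dictionary word and a few digits is far easier to guess than the character-class estimate suggests.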

3Com 11.1 manual