Allied Telesis AR440S manual Configure IP for internet access

Models: AR440S


Headquarters

2. Configure IP for internet access

Give a fixed public address to the interface eth0, which is the Internet connection interface. You can replace eth0 with ppp0 if you use a leased line.

enable ip

add ip int=eth0 ip=200.200.200.1

Give a fixed private address to the interface vlan1, which connects the router to the headquarters LAN.

add ip int=vlan1 ip=192.168.140.254

Set the default route. The next hop is the gateway address provided by the ISP.

add ip rou=0.0.0.0 mask=0.0.0.0 int=eth0 next=200.200.200.254

If desired, set up the router as a DHCP server for the headquarters LAN.

create dhcp policy=hq lease=7200

add dhcp policy=hq rou=192.168.140.254

add dhcp policy=hq subn=255.255.255.0

create dhcp range=hq_hosts policy=hq ip=192.168.140.16 num=32

ena dhcp

3. Configure remote management access, if desired

If you need remote management access, we strongly recommend that you use Secure Shell (SSH). You should not telnet to a secure gateway.

To configure SSH, define appropriate RSA encryption keys, then enable the SSH server.

create enco key=2 type=rsa length=1024 description="host key" format=ssh

create enco key=3 type=rsa length=768 description="server key" format=ssh

enable ssh server serverkey=3 hostkey=2

Allow the user who connects via SSH to log in as secoff by adding the secoff user as an SSH user. You can also restrict access so that it is permitted only from particular addresses.

add ssh user=secoff password=<secoff-password> ipaddress=<trusted-remote-ip-address> mask=<subnet-mask-of-trusted-hosts>

disable telnet server

Secure Shell is a more secure, encrypted method of remote management access than telnet. If you need to use telnet, even though it is insecure, you should restrict access by defining

Page 9 AlliedWare™ OS How To Note: VPNs for Corporate Networks
