Permit SE | Black Box LR1112A-T1/E1, LR1114A-T1/E1, LR1104A-T1/E1

Black Box LR11xx Series Router Configurations Guide

Step 10.1: Configure firewall policies to allow IKE negotiation through untrusted interface (applicable only if firewall license is also enabled)

Black Box1/configure> firewall internet

Black Box1/configure/firewall internet> policy 1000 in service ike self Black Box1/configure/firewall internet/policy 1000 in> exit

Black Box1/configure/firewall internet> exit

Step 10.2: Configure firewall policies to allow desired services through untrusted interface to manage the router (applicable only if firewall license is also enabled)

Black Box1/configure> firewall internet
Black Box1/configure/firewall internet>	policy 1001 in		service snmp self
Black Box1/configure/firewall internet/policy 1001		in>	exit
Black Box1/configure/firewall internet>	policy 1002 in		service telnet self
Black Box1/configure/firewall internet/policy 1002		in>	exit
Black Box1/configure/firewall internet>	policy 1003 in		protocol icmp self
Black Box1/configure/firewall internet/policy 1003		in>	exit
Black Box1/configure/firewall internet>	exit

Step 10.3: Display firewall policies in the internet map (applicable only if firewall license is enabled)

Black Box1> show firewall policy internet

Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,

R- Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter

Pri	Dir	Source Addr	Destination Addr	Sport	Dport	Proto	Action Advanced
---	---	-----------	----------------	-----------------			------ --------
1000	in	any	any	ike			PERMIT SE
1001	in	any	any	snmp			PERMIT SE
1002	in	any	any	telnet			PERMIT SE
1003	in	any	any	any	any	icmp	PERMIT SE
1024	out	any	any	any	any	any	PERMIT SE

Step 10.4: Display firewall policies in the internet map in detail (applicable only if firewall license is enabled)

26

Image 24

Black Box LR1112A-T1/E1, LR1114A-T1/E1, LR1104A-T1/E1, LR1102A-T1/E1 manual Permit SE

Contents

Black Box LR11xx Series Router Configurations Black Box LR11xx Series Router Configurations Guide Normas Oficiales Mexicanas NOM Electrical Safety Statement Instrucciones DE Seguridad Black Box LR11xx Series Router Configurations Guide Contents Ipsec Specifications Ultipath M Ulticast C Onfigurations 101 107117 119 WAN I Nterface C Onfigurations Black Box LR11xx Series Router Configurations Guide Feature Overview Bootp Requests1DHCP Relay Functionality Using Dhcp Relay with NAT Command Line InterfaceBootp Replies Enabling Dhcp Relay Displaying Dhcp Configuration Configuring the Gateway Address field when NAT is enabledDisplaying Statistics Dhcp Relay Dhcp Limitations Displaying Ethernet Interface Statistics Configuring Internet Group Management Protocol 1IGMP Configuration Igmp Commands Igmp Configuration ExamplesExample Igmp Configuration 2.10Example2.11Example 2.12Example Black Box LR11xx Series Router Configurations Guide Configure the Black Box LR1104A Blackbox configure term Blackbox/configure ipFiltering IP Traffic 1IP Packet Filter Lists Blackbox configure terminal Blackbox/configure ip Blackbox/configure/ip applyfilter WAN1 filterbBlackbox/configure/ip applyfilter WAN1 filterc Example Configuring Security 1IPSec Configurations Display the crypto interfaces Configure IKE to the peer gateway Example 1 Managing the Black Permit SE Enable Snmp on the Black Box1 router Display Snmp communities Configure IPSec tunnel to the remote host Example 2 Single Proposal Tun Using the show crypto ipsec policy all command 1022 Out Any Black Box1 Show firewall policy corp detail Policy with Example 3 Multiple IPSec Pro Message Proposal added with priority2-esp-3des-sha1-tunnel Example 4 IPSec remote access As in of Example Configure dynamic IPSec policy for a group of mobile users Display dynamic IKE policies in detail Display dynamic IPSec policies Display dynamic IPSec policies in detail Lifetime in Kilobytes Bytes In 0, Bytes Out Permit E Example 5 IPSec remote access Display dynamic IKE policies Display dynamic IKE policies in detail Permit 20.1.1.150 1022 Out Any Example 5 IPSec remote access Black Box LR11xx Series Router Configurations Guide Ipsec Specifications 1IPSec Appendix Black Box IKE and IPSec Defaults IKE DefaultsIPSec Defaults IPSec Appendix ESP Black Box LR11xx Series Router Configurations Guide Forwarding IP Traffic 1IP MultiplexingPacket Forwarding Modes Proxy ARP and Packet Forwarding Addressing in IP Multiplexing Networks Proxy ARP and Packet Forwarding Single Subnet Split SubnetIP Multiplexing Secondary Addressing POP Only Secondary Addressing 30 Bit Secondary Addressing 29 Bit Pros and Cons of Different IP Addressing SchemesRouting Considerations for IP Multiplexing Black Box LR11xx Series Router Configurations Guide IP Multiplexing Hdlc Configurations 1Connecting a Black Box Router to a Router/CSU Via Hdlc Configure the Black Box LR1104A at Site Configuration Guide IP Multiplexing PPP and Mlppp Configurations 1Configuring Multiple PPP and Mlppp Bundles LR1104A Configure the Black Box LR1104A at the Main Site Configuring Multiple PPP Black Box LR11xx Series Router Configurations Guide Configuring PPP, MLPPP, 1Layer Two Configurations PPP, MLPPP,LR1114A LR1104A Mlppp Configuration PPP and Mlppp ConfigurationHdlc Configuration Configure the Black Box LR1114A System at Site Configuring Firewalls 10.1Firewalls Firewall Configuration Examples Basic Firewall Configuration Create the security zones Corp and DMZ and attach interfaces Create policies for Security Zone Corp that Verify the firewall policy for Security Zone Corp Create policies for Security Zone DMZ that Create a default route out of the WAN Verify the firewall policy for Security Zone DMZ Black Box LR11xx Series Router Configurations Guide Firewall Configuration Ex Black Box LR11xx Series Router Configurations Guide Stopping DoS Attacks NAT Configurations NAT Configuration ExamplesPacket Reassembly NAT Configuration Examples Dynamic NAT many to many Static NAT one to one Static NAT Method1 Specifying NAT address with the policy command 10.4.3Port Address Translation Many to oneMethod2 Attaching nat pool to the policy Black Box LR11xx Series Router Configurations Guide Multipath Multicast Configurations 11.1Multipath Multicast 11.2Multipath Commands 11.2.1Multipath Examples Configuring NAT 12.1Network Address TranslationDynamic NAT Static NAT Configuration for Figure Dynamic and Static NAT 12.1.4Configuration for Figure Reverse NATNetwork Address Translation Blackbox configure terminal Reverse NAT NAT Configuration Examples 13.1.1Dynamic NAT many to many 60.1.1.1 13.1.2Static NAT one to one 13.1.3Port Address Translation Many to one Remote Access Vpns Secure Remote Access Using IPSec VPNAccess Methods Remote Access User Group Configuration Examples Remote Access Mode Configuration IPSec Remote Access User Black Box #1 IPSec Remote Access Mode Configuration Group Method David@blackboxcom .com IPSec Remote Access Mode Con Mike@Blackbox.com Black Box LR11xx Series Router Configurations Guide 15.1.1Configuring RIP for Ethernet 0 and WAN 1 Interfaces 15.1.2Displaying RIP Configuration15.1.3Displaying All Configured RIP Interfaces Networking with Routing Information Protocol Show ip rip interface all Command Configuring Static Routes Static Routing Configuration 16.1.1Configure the Router at Site a 16.1.2Configure the Router at site BBlackbox/configure ip route 0.0.0.0 0.0.0.0 10.1.1.2 Configuring Open Shortest Path First Routing 17.1.1Configuring the host name17.1.2Configuring interface ethernet 17.1.3Configuring interface bundle Dallas 17.1.4Configuring ospf 17.1.5Configuring ospf interface parameters17.1.6Displaying neighbors 17.1.7Displaying ospf routes Configuring Generic Routing Encapsulation Configuring GREInstalling Licenses GRE Configuration Examples 18.3.1Configuring Site to Site Tunnel GRE Configuration Examples For more information enter Configuring GRE Site to Site with IPSec Configuring GRE Site to Site with Configuring GRE Site to Site with IPSec and Ospf Add to the Cisco configuration above Configuring Ospf and Frame Relay Ospf Frame Relay 19.1.1Configuring the host name 19.1.2Configuring interface ethernet19.1.3Configuring interface bundle Dallas 19.1.4Configuring Ospf Configuring Protocol Independent Multicasting Routing PIM Configuration20.1.1PIM Commands Bootstrap Router related Commands PIM Configuration Show and debug PIM commands are 20.1.2PIM Configuration Examples Blackbox/configure/ip/pim register-suppress-timeout Blackbox/configure display ip pim global Blackbox/configure display ip pim neighbors Blackbox clear ip pim statistics 116 Mtrace Configuration 21.1.1mtrace CommandMulticast Traceroute Facility Restrictions Mtrace Example Blackbox mtrace 192.168.0.0 192.168.2.22 Configuring Quality of Service Routing Configuring QoS22.1.1Features 22.1.2Definitions 22.1.3Classification Types Configuring QoS Vlan IdentifiersCreate bundle AppTest Create traffic classes 22.1.5Bulk Statistics Create bundle VLANtestCreate traffic classes and assign classifications Screen Display for show qos bulkstatsconfig Command Configuring bulk statistics 124 Virtual LAN Tagging Managing Traffic with Vlan Tagging Reston configuration Black Box LR1104A # The POP router is 205.1.1.1/30 DC configuration Black Box LR1114A Managing Traffic with Vlan Tag 128 24.1.1Configuration Details Managing Redundant ConnectionsTrunk Group/Failover Configure the Black Box LR1114A for Failover Operation WAN Interface Configurations 25.1 T1 Interface Configuration25.1.1Module Configuration Bundle Configuration Configure a Fractional T1 Hdlc Bundle Configure a T1 PPP BundleBlackbox/configure interface bundle demo2 Configure an N x T1 Mlppp Bundle Virtual LAN Forwarding Managing Vlan Traffic 134 26.1.1POP configuration Black Box LR1104A 26.1.2Bldg1 configuration Black Box LR1114AManaging Vlan Traffic Configure interface bundle uplink Configure Snmp10 br Features Mutlilink Frame Relay27.1Multilink Frame Relay FRF.15 and FRF.16 27.1.1.1 # Configure Ethernet interface 27.1.1.2 # Configure CVC127.1.1.4 # Configure CVC3 27.1.1.5 #Configure AVC Configuring Frame Relay Multilink Frame Relay Layer Two Configurations FR and MFR FR Configuration Configure the Hssi Bundle at Site MFR Configuration Layer Two Configurations FRConfigure the Clear Channel Bundle on the LR1104A Configure the LR1104A LR1104A at Site 142 Copyright 2004. Black Box Corporation. All rights reserved