Black Box LR11xx Series Router Configurations Guide

Black Box1> show firewall policy corp

Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
          E - Policy Enabled, M - Smtp-Filter

Pri   Dir  Source Addr  Destination Addr  Sport  Dport  Proto  Action  Advanced
----  ---  -----------  ----------------  -----  -----  -----  ------  --------
1000  in   any          10.0.1.0/24       any    any    any    PERMIT  E
1022  out  any          any               any    any    any    PERMIT  SE
1023  in   any          any               any    any    any    PERMIT  SE
1024  out  any          any               any    any    any    PERMIT  E
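The policy listing can be checked mechanically. The following is an added example, not part of the Black Box guide: it parses the policy table, decodes the Advanced column using the legend, and lists enabled PERMIT rules whose source is any and that are not marked as self traffic. The function names, the whitespace-separated parsing and the sample text (constructed from the table on this page) are assumptions.

```python
# Added example: parse `show firewall policy <map>` output and decode Advanced flags.
# SAMPLE is constructed from the table on this page; function names are hypothetical.
FLAGS = {
    "S": "Self Traffic", "F": "Ftp-Filter", "H": "Http-Filter", "R": "Rpc-Filter",
    "N": "Nat-Ip/Nat-Pool", "L": "Logging", "E": "Policy Enabled", "M": "Smtp-Filter",
}
COLUMNS = ("pri", "dir", "src", "dst", "sport", "dport", "proto", "action")

SAMPLE = """\
Pri   Dir  Source Addr  Destination Addr  Sport  Dport  Proto  Action  Advanced
----  ---  -----------  ----------------  -----  -----  -----  ------  --------
1000  in   any          10.0.1.0/24       any    any    any    PERMIT  E
1022  out  any          any               any    any    any    PERMIT  SE
1023  in   any          any               any    any    any    PERMIT  SE
1024  out  any          any               any    any    any    PERMIT  E
"""

def parse_policies(text):
    """Return one dict per policy row; header, separator and legend lines are skipped."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        # A policy row starts with a numeric priority. Assumption: fields contain no
        # spaces, and the Advanced column may be absent when no flag is set.
        if len(fields) not in (8, 9) or not fields[0].isdigit():
            continue
        rule = dict(zip(COLUMNS, fields))
        rule["pri"] = int(rule["pri"])
        letters = fields[8] if len(fields) == 9 else ""
        unknown = set(letters) - FLAGS.keys()
        if unknown:
            raise ValueError(f"unknown Advanced flag(s) {sorted(unknown)} in: {line!r}")
        rule["flags"] = {FLAGS[c] for c in letters}
        rules.append(rule)
    return rules

def broad_transit_permits(rules):
    """Priorities of enabled PERMIT rules with source 'any' that are not self traffic."""
    return [r["pri"] for r in rules
            if r["action"] == "PERMIT" and r["src"] == "any"
            and "Policy Enabled" in r["flags"] and "Self Traffic" not in r["flags"]]

if __name__ == "__main__":
    for r in parse_policies(SAMPLE):
        print(r["pri"], r["dir"], r["src"], "->", r["dst"], r["action"], sorted(r["flags"]))
    print("review:", broad_transit_permits(parse_policies(SAMPLE)))
```

The returned priorities are candidates for a manual review of source scope; the script does not judge whether a rule is appropriate for the deployment.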

 

Step 16: Display firewall policies in the corp map in detail (applicable only if firewall license is enabled)

4.1 Example 5: IPSec remote access to corporate LAN using mode configuration method

The following example demonstrates how to configure a Black Box router as an IPSec VPN server using the mode-configuration method. The client can be any standard IPSec VPN client with mode configuration enabled.

In this example, the client needs to access the corporate private network 10.0.1.0/24 through the VPN tunnel. The server has a pool of IP addresses from 20.1.1.100 through 20.1.1.150 to allocate to mode-configuration-enabled VPN clients. The VPN client uses the assigned IP address as the source address in the inner IP header. The outer IP header carries the dynamic IP address assigned by the Internet Service Provider as the source address. The security requirements are as follows:

Phase 1: 3DES with SHA1, Mode Configuration

Phase 2: IPSec ESP tunnel with AES256 and HMAC-SHA1

Black Box LR1104A-T1/E1, LR1112A-T1/E1, LR1114A-T1/E1, LR1102A-T1/E1 manual