Manuals / Black Box / Computer Equipment / Network Router

Black Box LR1114A-T1/E1, LR1112A-T1/E1, LR1104A-T1/E1, LR1102A-T1/E1 manual Permit

Models: LR1102A-T1/E1 LR1112A-T1/E1 LR1104A-T1/E1 LR1114A-T1/E1

1 142

Download 142 pages 53.89 Kb

Page 41

Example 5: IPSec remote access

Black Box1> show crypto dynamic ipsec policy all detail

Policy sales is enabled, Modeconfig Group Action is Apply

Key Management is Automatic PFS Group is disabled Match Address:

Protocol is Any

Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)

Destination ip address (ip/mask/port): (any/any/any)

Proposal of priority 1

Protocol: esp

Mode: Tunnel

Encryption Algorithm: aes256(key length=256 bits)

Hash Algorithm: sha1

Lifetime in seconds: 3600

Lifetime in Kilobytes: 4608000

Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface (applicable only if firewall license is also enabled)

Black Box1/configure> firewall internet

Black Box1/configure/firewall internet> policy 1000 in service ike self Black Box1/configure/firewall internet/policy 1000 in> exit

Black Box1/configure/firewall internet> exit

Step 11: Display firewall policies in the internet map (applicable only if firewall license is enabled)

Black Box1>	show firewall		policy internet
Advanced: S	- Self Traffic,			F	-	Ftp-Filter, H - Http-Filter,
R	-	Rpc-Filter,	N	-	Nat-Ip/Nat-Pool, L - Logging,
E	-	Policy Enabled,			M	- Smtp-Filter

Pri	Dir	Source Addr	Destination Addr	Sport	Dport	Proto Action		Advanced
---	---	-----------	----------------	-----------------			------	--------
1000	in	any	any	ike			PERMIT	SE
1024	out	any	any	any	any	any	PERMIT	SE

Step 12: Display firewall policies in the internet map in detail (applicable only if firewall license is enabled)

43

Image 41

Black Box LR1114A-T1/E1, LR1112A-T1/E1, LR1104A-T1/E1, LR1102A-T1/E1 manual Permit

Contents

Black Box LR11xx Series Router Configurations Black Box LR11xx Series Router Configurations Guide Instrucciones DE Seguridad Normas Oficiales Mexicanas NOM Electrical Safety StatementBlack Box LR11xx Series Router Configurations Guide Contents Ipsec Specifications Ultipath M Ulticast C Onfigurations 107 101117 119WAN I Nterface C Onfigurations Black Box LR11xx Series Router Configurations Guide Bootp Requests Feature Overview1DHCP Relay FunctionalityCommand Line Interface Using Dhcp Relay with NATBootp Replies Enabling Dhcp RelayConfiguring the Gateway Address field when NAT is enabled Displaying Dhcp ConfigurationDisplaying Statistics Dhcp RelayDisplaying Ethernet Interface Statistics Dhcp Limitations1IGMP Configuration Configuring Internet Group Management ProtocolExample Igmp CommandsIgmp Configuration Examples 2.10Example Igmp Configuration2.11Example 2.12ExampleBlack Box LR11xx Series Router Configurations Guide Blackbox configure term Blackbox/configure ip Configure the Black Box LR1104AFiltering IP Traffic 1IP Packet Filter ListsBlackbox/configure/ip applyfilter WAN1 filterb Blackbox configure terminal Blackbox/configure ipBlackbox/configure/ip applyfilter WAN1 filterc Example1IPSec Configurations Configuring SecurityDisplay the crypto interfaces Example 1 Managing the Black Configure IKE to the peer gatewayPermit SE Enable Snmp on the Black Box1 router Display Snmp communities Example 2 Single Proposal Tun Configure IPSec tunnel to the remote hostUsing the show crypto ipsec policy all command 1022 Out Any Black Box1 Show firewall policy corp detail Policy with Example 3 Multiple IPSec Pro Message Proposal added with priority2-esp-3des-sha1-tunnel As in of Example Example 4 IPSec remote accessDisplay dynamic IKE policies in detail Configure dynamic IPSec policy for a group of mobile usersDisplay dynamic IPSec policies in detail Display dynamic IPSec policiesLifetime in Kilobytes Bytes In 0, Bytes Out Permit E Display dynamic IKE policies Example 5 IPSec remote accessDisplay dynamic IKE policies in detail Permit 20.1.1.150 1022 Out Any Example 5 IPSec remote access Black Box LR11xx Series Router Configurations Guide 1IPSec Appendix Ipsec SpecificationsIPSec Defaults Black Box IKE and IPSec DefaultsIKE Defaults ESP IPSec AppendixBlack Box LR11xx Series Router Configurations Guide 1IP Multiplexing Forwarding IP TrafficPacket Forwarding Modes Proxy ARP and Packet ForwardingProxy ARP and Packet Forwarding Addressing in IP Multiplexing NetworksIP Multiplexing Single SubnetSplit Subnet Secondary Addressing 30 Bit Secondary Addressing POP OnlyRouting Considerations for IP Multiplexing Secondary Addressing 29 BitPros and Cons of Different IP Addressing Schemes Black Box LR11xx Series Router Configurations Guide 1Connecting a Black Box Router to a Router/CSU Via Hdlc IP Multiplexing Hdlc ConfigurationsConfiguration Guide Configure the Black Box LR1104A at Site1Configuring Multiple PPP and Mlppp Bundles IP Multiplexing PPP and Mlppp ConfigurationsLR1104A Configuring Multiple PPP Configure the Black Box LR1104A at the Main SiteBlack Box LR11xx Series Router Configurations Guide 1Layer Two Configurations PPP, MLPPP, Configuring PPP, MLPPP,LR1114A LR1104APPP and Mlppp Configuration Mlppp ConfigurationHdlc Configuration Configure the Black Box LR1114A System at Site10.1Firewalls Configuring FirewallsBasic Firewall Configuration Firewall Configuration ExamplesCreate policies for Security Zone Corp that Create the security zones Corp and DMZ and attach interfacesCreate policies for Security Zone DMZ that Verify the firewall policy for Security Zone CorpVerify the firewall policy for Security Zone DMZ Create a default route out of the WANBlack Box LR11xx Series Router Configurations Guide Firewall Configuration Ex Black Box LR11xx Series Router Configurations Guide Stopping DoS Attacks Packet Reassembly NAT ConfigurationsNAT Configuration Examples Dynamic NAT many to many NAT Configuration ExamplesStatic NAT Static NAT one to oneMethod2 Attaching nat pool to the policy Method1 Specifying NAT address with the policy command10.4.3Port Address Translation Many to one Black Box LR11xx Series Router Configurations Guide 11.1Multipath Multicast Multipath Multicast Configurations11.2.1Multipath Examples 11.2Multipath Commands12.1Network Address Translation Configuring NATDynamic NAT Static NATDynamic and Static NAT Configuration for FigureNetwork Address Translation 12.1.4Configuration for FigureReverse NAT Reverse NAT Blackbox configure terminal13.1.1Dynamic NAT many to many NAT Configuration Examples60.1.1.1 13.1.2Static NAT one to one 13.1.3Port Address Translation Many to one Secure Remote Access Using IPSec VPN Remote Access VpnsAccess Methods Remote Access User GroupRemote Access Mode Configuration Configuration ExamplesBlack Box #1 IPSec Remote Access UserDavid@blackboxcom .com IPSec Remote Access Mode Configuration Group MethodMike@Blackbox.com IPSec Remote Access Mode ConBlack Box LR11xx Series Router Configurations Guide 15.1.2Displaying RIP Configuration 15.1.1Configuring RIP for Ethernet 0 and WAN 1 Interfaces15.1.3Displaying All Configured RIP Interfaces Networking with Routing Information ProtocolShow ip rip interface all Command Static Routing Configuration Configuring Static RoutesBlackbox/configure ip route 0.0.0.0 0.0.0.0 10.1.1.2 16.1.1Configure the Router at Site a16.1.2Configure the Router at site B 17.1.1Configuring the host name Configuring Open Shortest Path First Routing17.1.2Configuring interface ethernet 17.1.3Configuring interface bundle Dallas17.1.5Configuring ospf interface parameters 17.1.4Configuring ospf17.1.6Displaying neighbors 17.1.7Displaying ospf routesInstalling Licenses Configuring Generic Routing EncapsulationConfiguring GRE GRE Configuration Examples GRE Configuration Examples 18.3.1Configuring Site to Site TunnelFor more information enter Configuring GRE Site to Site with Configuring GRE Site to Site with IPSecAdd to the Cisco configuration above Configuring GRE Site to Site with IPSec and OspfOspf Frame Relay Configuring Ospf and Frame Relay19.1.2Configuring interface ethernet 19.1.1Configuring the host name19.1.3Configuring interface bundle Dallas 19.1.4Configuring Ospf20.1.1PIM Commands Configuring Protocol Independent Multicasting RoutingPIM Configuration Bootstrap Router related Commands Show and debug PIM commands are PIM ConfigurationBlackbox/configure/ip/pim register-suppress-timeout 20.1.2PIM Configuration ExamplesBlackbox/configure display ip pim global Blackbox/configure display ip pim neighbors Blackbox clear ip pim statistics 116 21.1.1mtrace Command Mtrace ConfigurationMulticast Traceroute Facility RestrictionsBlackbox mtrace 192.168.0.0 192.168.2.22 Mtrace Example22.1.1Features Configuring Quality of Service RoutingConfiguring QoS 22.1.3Classification Types 22.1.2DefinitionsVlan Identifiers Configuring QoSCreate bundle AppTest Create traffic classesCreate traffic classes and assign classifications 22.1.5Bulk StatisticsCreate bundle VLANtest Configuring bulk statistics Screen Display for show qos bulkstatsconfig Command124 Managing Traffic with Vlan Tagging Virtual LAN Tagging# The POP router is 205.1.1.1/30 Reston configuration Black Box LR1104AManaging Traffic with Vlan Tag DC configuration Black Box LR1114A128 Trunk Group/Failover 24.1.1Configuration DetailsManaging Redundant Connections Configure the Black Box LR1114A for Failover Operation 25.1 T1 Interface Configuration WAN Interface Configurations25.1.1Module Configuration Bundle ConfigurationConfigure a T1 PPP Bundle Configure a Fractional T1 Hdlc BundleBlackbox/configure interface bundle demo2 Configure an N x T1 Mlppp BundleManaging Vlan Traffic Virtual LAN Forwarding134 Managing Vlan Traffic 26.1.1POP configuration Black Box LR1104A26.1.2Bldg1 configuration Black Box LR1114A 10 br Configure interface bundle uplinkConfigure Snmp 27.1Multilink Frame Relay FRF.15 and FRF.16 FeaturesMutlilink Frame Relay 27.1.1.2 # Configure CVC1 27.1.1.1 # Configure Ethernet interface27.1.1.4 # Configure CVC3 27.1.1.5 #Configure AVCLayer Two Configurations FR and MFR Configuring Frame Relay Multilink Frame RelayConfigure the Hssi Bundle at Site FR ConfigurationLayer Two Configurations FR MFR ConfigurationConfigure the Clear Channel Bundle on the LR1104A Configure the LR1104A LR1104A at Site142 Copyright 2004. Black Box Corporation. All rights reserved