Manuals / Black Box / Computer Equipment / Network Router

Black Box LR1104A-T1/E1, LR1112A-T1/E1 manual IPSec Remote Access Mode Configuration Group Method

Models: LR1102A-T1/E1 LR1112A-T1/E1 LR1104A-T1/E1 LR1114A-T1/E1

1 142

Download 142 pages 53.89 Kb

Page 90

Black Box LR11xx Series Router Configurations Guide

14.5IPSec Remote Access Mode Configuration Group Method

The following example demonstrates how to configure a Black Box router to be an IPSec VPN server using mode-configuration method. The client could be any standard mode config enabled IPSec VPN client.

In this example, the client needs to access the corporate private network 10.0.1.0/24 through the VPN tunnel. The server has a pool of IP addresses from 20.1.1.100 through 20.1.1.150 to be allocated for mode config enabled VPN clients. The assigned IP address is used by the VPN client as the source address in the inner IP header. The outer IP header will carry the dynamic IP address assigned by the Internet Service Provider as the source address. The security requirements are as follows:

3DES with SHA1, Mode Config

IPSec ESP tunnel with AES256 and HMAC-SHA1

Figure 29 Configuration Mode Remote Access Configuration

VPN Client 1

Local Outer Address:

Dynamic

Local Inner Assigned

Address: 10.0.1.100/32

Local ID:

david@tasmannetworks.

david@blackboxcom .com

	EL
IPSEC	TUNN

Black box 1

VPN Server

Corporate

172.16.0.1

Mode Config IP

Headquarters

Pool:

10.0.1.0/24

10.0.1.100-

10.0.1.150

IPSEC TUNNEL

VPN Client 2

Local Outer Address:

Dynamic

Local Inner Assigned

Address: 10.0.1.101/32

Local ID:

mike@blackbox.com

To configure the VPN gateway:

Blackbox>configure term Blackbox/configure>interface ethernet 1 Blackbox/configure/interface/ethernet 1>ip address 10.0.1.1 24 Blackbox/configure/interface/ethernet 1>crypto corp

Blackbox/configure> interface bundle wan Blackbox/configure/interface/bundle wan>link t1 1-2 Blackbox/configure/interface/bundle wan>ip address 172.16.0.1 321 Blackbox/configure/interface/bundle wan>crypto internet

92

Image 90

Black Box LR1104A-T1/E1, LR1112A-T1/E1 manual IPSec Remote Access Mode Configuration Group Method, David@blackboxcom .com

Contents

Black Box LR11xx Series Router Configurations Black Box LR11xx Series Router Configurations Guide Normas Oficiales Mexicanas NOM Electrical Safety Statement Instrucciones DE SeguridadBlack Box LR11xx Series Router Configurations Guide Contents Ipsec Specifications Ultipath M Ulticast C Onfigurations 117 101107 119WAN I Nterface C Onfigurations Black Box LR11xx Series Router Configurations Guide 1DHCP Relay Feature OverviewBootp Requests FunctionalityBootp Replies Using Dhcp Relay with NATCommand Line Interface Enabling Dhcp RelayDisplaying Statistics Displaying Dhcp ConfigurationConfiguring the Gateway Address field when NAT is enabled Dhcp RelayDhcp Limitations Displaying Ethernet Interface StatisticsConfiguring Internet Group Management Protocol 1IGMP ConfigurationIgmp Commands Igmp Configuration ExamplesExample 2.11Example Igmp Configuration2.10Example 2.12ExampleBlack Box LR11xx Series Router Configurations Guide Filtering IP Traffic Configure the Black Box LR1104ABlackbox configure term Blackbox/configure ip 1IP Packet Filter ListsBlackbox/configure/ip applyfilter WAN1 filterc Blackbox configure terminal Blackbox/configure ipBlackbox/configure/ip applyfilter WAN1 filterb ExampleConfiguring Security 1IPSec ConfigurationsDisplay the crypto interfaces Configure IKE to the peer gateway Example 1 Managing the BlackPermit SE Enable Snmp on the Black Box1 router Display Snmp communities Configure IPSec tunnel to the remote host Example 2 Single Proposal TunUsing the show crypto ipsec policy all command 1022 Out Any Black Box1 Show firewall policy corp detail Policy with Example 3 Multiple IPSec Pro Message Proposal added with priority2-esp-3des-sha1-tunnel Example 4 IPSec remote access As in of ExampleConfigure dynamic IPSec policy for a group of mobile users Display dynamic IKE policies in detailDisplay dynamic IPSec policies Display dynamic IPSec policies in detailLifetime in Kilobytes Bytes In 0, Bytes Out Permit E Example 5 IPSec remote access Display dynamic IKE policiesDisplay dynamic IKE policies in detail Permit 20.1.1.150 1022 Out Any Example 5 IPSec remote access Black Box LR11xx Series Router Configurations Guide Ipsec Specifications 1IPSec AppendixBlack Box IKE and IPSec Defaults IKE DefaultsIPSec Defaults IPSec Appendix ESPBlack Box LR11xx Series Router Configurations Guide Packet Forwarding Modes Forwarding IP Traffic1IP Multiplexing Proxy ARP and Packet ForwardingAddressing in IP Multiplexing Networks Proxy ARP and Packet ForwardingSingle Subnet Split SubnetIP Multiplexing Secondary Addressing POP Only Secondary Addressing 30 BitSecondary Addressing 29 Bit Pros and Cons of Different IP Addressing SchemesRouting Considerations for IP Multiplexing Black Box LR11xx Series Router Configurations Guide IP Multiplexing Hdlc Configurations 1Connecting a Black Box Router to a Router/CSU Via HdlcConfigure the Black Box LR1104A at Site Configuration GuideIP Multiplexing PPP and Mlppp Configurations 1Configuring Multiple PPP and Mlppp BundlesLR1104A Configure the Black Box LR1104A at the Main Site Configuring Multiple PPPBlack Box LR11xx Series Router Configurations Guide LR1114A Configuring PPP, MLPPP,1Layer Two Configurations PPP, MLPPP, LR1104AHdlc Configuration Mlppp ConfigurationPPP and Mlppp Configuration Configure the Black Box LR1114A System at SiteConfiguring Firewalls 10.1FirewallsFirewall Configuration Examples Basic Firewall ConfigurationCreate the security zones Corp and DMZ and attach interfaces Create policies for Security Zone Corp thatVerify the firewall policy for Security Zone Corp Create policies for Security Zone DMZ thatCreate a default route out of the WAN Verify the firewall policy for Security Zone DMZBlack Box LR11xx Series Router Configurations Guide Firewall Configuration Ex Black Box LR11xx Series Router Configurations Guide Stopping DoS Attacks NAT Configurations NAT Configuration ExamplesPacket Reassembly NAT Configuration Examples Dynamic NAT many to manyStatic NAT one to one Static NATMethod1 Specifying NAT address with the policy command 10.4.3Port Address Translation Many to oneMethod2 Attaching nat pool to the policy Black Box LR11xx Series Router Configurations Guide Multipath Multicast Configurations 11.1Multipath Multicast11.2Multipath Commands 11.2.1Multipath ExamplesDynamic NAT Configuring NAT12.1Network Address Translation Static NATConfiguration for Figure Dynamic and Static NAT12.1.4Configuration for Figure Reverse NATNetwork Address Translation Blackbox configure terminal Reverse NATNAT Configuration Examples 13.1.1Dynamic NAT many to many60.1.1.1 13.1.2Static NAT one to one 13.1.3Port Address Translation Many to one Access Methods Remote Access VpnsSecure Remote Access Using IPSec VPN Remote Access User GroupConfiguration Examples Remote Access Mode ConfigurationIPSec Remote Access User Black Box #1IPSec Remote Access Mode Configuration Group Method David@blackboxcom .comIPSec Remote Access Mode Con Mike@Blackbox.comBlack Box LR11xx Series Router Configurations Guide 15.1.3Displaying All Configured RIP Interfaces 15.1.1Configuring RIP for Ethernet 0 and WAN 1 Interfaces15.1.2Displaying RIP Configuration Networking with Routing Information ProtocolShow ip rip interface all Command Configuring Static Routes Static Routing Configuration16.1.1Configure the Router at Site a 16.1.2Configure the Router at site BBlackbox/configure ip route 0.0.0.0 0.0.0.0 10.1.1.2 17.1.2Configuring interface ethernet Configuring Open Shortest Path First Routing17.1.1Configuring the host name 17.1.3Configuring interface bundle Dallas17.1.6Displaying neighbors 17.1.4Configuring ospf17.1.5Configuring ospf interface parameters 17.1.7Displaying ospf routesConfiguring Generic Routing Encapsulation Configuring GREInstalling Licenses GRE Configuration Examples 18.3.1Configuring Site to Site Tunnel GRE Configuration ExamplesFor more information enter Configuring GRE Site to Site with IPSec Configuring GRE Site to Site withConfiguring GRE Site to Site with IPSec and Ospf Add to the Cisco configuration aboveConfiguring Ospf and Frame Relay Ospf Frame Relay19.1.3Configuring interface bundle Dallas 19.1.1Configuring the host name19.1.2Configuring interface ethernet 19.1.4Configuring OspfConfiguring Protocol Independent Multicasting Routing PIM Configuration20.1.1PIM Commands Bootstrap Router related Commands PIM Configuration Show and debug PIM commands are20.1.2PIM Configuration Examples Blackbox/configure/ip/pim register-suppress-timeoutBlackbox/configure display ip pim global Blackbox/configure display ip pim neighbors Blackbox clear ip pim statistics 116 Multicast Traceroute Facility Mtrace Configuration21.1.1mtrace Command RestrictionsMtrace Example Blackbox mtrace 192.168.0.0 192.168.2.22Configuring Quality of Service Routing Configuring QoS22.1.1Features 22.1.2Definitions 22.1.3Classification TypesCreate bundle AppTest Configuring QoSVlan Identifiers Create traffic classes22.1.5Bulk Statistics Create bundle VLANtestCreate traffic classes and assign classifications Screen Display for show qos bulkstatsconfig Command Configuring bulk statistics124 Virtual LAN Tagging Managing Traffic with Vlan TaggingReston configuration Black Box LR1104A # The POP router is 205.1.1.1/30DC configuration Black Box LR1114A Managing Traffic with Vlan Tag128 24.1.1Configuration Details Managing Redundant ConnectionsTrunk Group/Failover Configure the Black Box LR1114A for Failover Operation 25.1.1Module Configuration WAN Interface Configurations25.1 T1 Interface Configuration Bundle ConfigurationBlackbox/configure interface bundle demo2 Configure a Fractional T1 Hdlc BundleConfigure a T1 PPP Bundle Configure an N x T1 Mlppp BundleVirtual LAN Forwarding Managing Vlan Traffic134 26.1.1POP configuration Black Box LR1104A 26.1.2Bldg1 configuration Black Box LR1114AManaging Vlan Traffic Configure interface bundle uplink Configure Snmp10 br Features Mutlilink Frame Relay27.1Multilink Frame Relay FRF.15 and FRF.16 27.1.1.4 # Configure CVC3 27.1.1.1 # Configure Ethernet interface27.1.1.2 # Configure CVC1 27.1.1.5 #Configure AVCConfiguring Frame Relay Multilink Frame Relay Layer Two Configurations FR and MFRFR Configuration Configure the Hssi Bundle at SiteConfigure the Clear Channel Bundle on the LR1104A MFR ConfigurationLayer Two Configurations FR Configure the LR1104A LR1104A at Site142 Copyright 2004. Black Box Corporation. All rights reserved