Configuration Examples

Clear the DF bit globally:

XSR(config)#crypto ipsec df-bit clear

Enable the OSPF engine and the VPN and FastEthernet 1 interfaces for routing:

XSR(config)#router ospf 1

XSR(config-router)#network 10.120.70.0 0.0.0.255 area 5.5.5.5

XSR(config-router)#network 10.120.112.0 0.0.0.255 area 5.5.5.5

Create a group for NEM and Client mode users:

XSR(config)#aaa group sohoclient

XSR(aaa-group)#dns server primary 10.120.112.220

XSR(aaa-group)#dns server secondary 0.0.0.0

XSR(aaa-group)#wins server primary 10.120.112.220

XSR(aaa-group)#wins server secondary 0.0.0.0

XSR(aaa-group)#ip pool test

XSR(aaa-group)#pptp encrypt mppe 128

XSR(aaa-group)#policy vpn

Define a group for remote access XP users, including DNS and WINS servers, an IP pool, PPTP and L2TP values, and client VPN permission:

XSR(config)#aaa group XPusers

XSR(aaa-group)#dns server primary 10.120.112.220

XSR(aaa-group)#dns server secondary 0.0.0.0

XSR(aaa-group)#wins server primary 10.120.112.220

XSR(aaa-group)#wins server secondary 0.0.0.0

XSR(aaa-group)#ip pool test

XSR(aaa-group)#pptp encrypt mppe 128

XSR(aaa-group)#policy vpn

Configure the RADIUS AAA method to authenticate remote access users:

XSR(config)#aaa method radius msradius default

XSR(aaa-method-radius)#backup test

XSR(aaa-method-radius)#enable

XSR(aaa-method-radius)#group DEFAULT

XSR(aaa-method-radius)#address ip-address 10.120.112.179

XSR(aaa-method-radius)#key welcome

XSR(aaa-method-radius)#auth-port 1812

XSR(aaa-method-radius)#acct-port 1646

XSR(aaa-method-radius)#attempts 1

XSR(aaa-method-radius)#retransmit 1

XSR(aaa-method-radius)#timeout 5

XSR(aaa-method-radius)#qtimeout 0
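
The RADIUS block above can be checked before it is applied. The following Python check is an added example, not part of the XSR User's Guide: it parses the prompt transcript and flags a shared secret shorter than the 16 octets RFC 2865 prefers, and an authentication/accounting port pair that mixes the assigned (1812/1813) and earlier (1645/1646) numbers. The function names, the sample text and the 16-character threshold are assumptions of this example.

```python
import re

# Constructed sample: RADIUS method commands copied from the example above.
SAMPLE = """\
XSR(config)#aaa method radius msradius default
XSR(aaa-method-radius)#enable
XSR(aaa-method-radius)#address ip-address 10.120.112.179
XSR(aaa-method-radius)#key welcome
XSR(aaa-method-radius)#auth-port 1812
XSR(aaa-method-radius)#acct-port 1646
"""

PROMPT = re.compile(r"^XSR\(([^)]*)\)#\s*(.*)$")
# Assigned and earlier RADIUS port pairs: authentication -> accounting.
PORT_PAIRS = {1812: 1813, 1645: 1646}
MIN_SECRET_LEN = 16  # assumption: RFC 2865 prefers at least 16 octets


def parse_radius(text):
    """Return {setting: value} for commands entered in aaa-method-radius mode."""
    settings = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m or m.group(1) != "aaa-method-radius":
            continue
        words = m.group(2).split()
        if words:
            settings[words[0]] = words[-1] if len(words) > 1 else ""
    return settings


def audit_radius(text):
    """Return a list of findings for the RADIUS method in a config transcript."""
    s, findings = parse_radius(text), []
    key = s.get("key", "")
    if len(key) < MIN_SECRET_LEN:
        findings.append(f"shared secret is {len(key)} characters, below {MIN_SECRET_LEN}")
    if key.isalpha() and key.islower():
        findings.append("shared secret is a single lowercase word")
    if "auth-port" in s and "acct-port" in s:
        auth, acct = int(s["auth-port"]), int(s["acct-port"])
        if PORT_PAIRS.get(auth) != acct:
            findings.append(f"auth-port {auth} with acct-port {acct} mixes port pairs; "
                            "confirm the server listens on both")
    return findings


if __name__ == "__main__":
    for finding in audit_radius(SAMPLE):
        print("FINDING:", finding)
```

A mixed port pair is not an error in itself; it only has to match what the RADIUS server at 10.120.112.179 actually listens on.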

Configure branch office EZ-IPSec on the PPPoE FastEthernet sub-interface 2.2, using certificates:

XSR(config)#interface FastEthernet 1

XSR(config-if<F1>)#ip address 172.16.1.1 255.255.255.0

XSR(config-if<F1>)#no shutdown

XSR(config)#interface FastEthernet 2

XSR(config-if<F2>)#no shutdown

XSR(config)#interface fastethernet 2.2

XSR(config-if)#crypto ezipsec

XSR User’s Guide 14-39
