Interoperability Profile for the XSR

XSR(config)#crypto ipsec transform-set esp-des-md5 esp-des esp-md5-hmac

XSR(cfg-crypto-tran)#set pfs group2

XSR(cfg-crypto-tran)#no set security-association life kilo

XSR(cfg-crypto-tran)#set security-association life secon 700

XSR(config)#crypto map test 20

XSR(config-crypto-m)#set transform-set esp-des-md5

XSR(config-crypto-m)#match address 120

XSR(config-crypto-m)#set peer 192.168.2.5

XSR(config-crypto-m)#mode tunnel

XSR(config)#interface fastethernet 1

XSR(config-if<F1>)#no shutdown

XSR(config-if<F1>)#ip address 192.168.1.2 255.255.255.0

XSR(config)#interface fastethernet 2

XSR(config-if<F2>)#crypto map test

XSR(config-if<F2>)#no shutdown

XSR(config-if<F2>)#ip address 192.168.2.2 255.255.255.0

XSR(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.5

XSR(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.1

XSR(config)#snmp-server disable

Interoperability Profile for the XSR

Scenario 1: Gateway-to-Gateway with Pre-Shared Secrets

This section describes how to configure the XSR according to the VPN Consortium's interoperability scenarios (http://www.vpnc.org/). The following is a typical gateway-to-gateway VPN that uses a pre-shared secret for authentication, as illustrated in Figure 14-13.

Figure 14-13 Gateway-to-Gateway with Pre-Shared Secrets Topology

[Figure: LAN 10.5.6.0/24, Gateway A (AL 10.5.6.1, AW 14.15.16.17), Internet, Gateway B (BW 22.23.24.25, BL 172.23.9.1), LAN 172.23.9.0/24]

Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A's LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.

Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B's WAN (Internet) interface has the address 22.23.24.25. Gateway B's LAN interface address, 172.23.9.1, can be used for testing IPsec but is not needed for configuring Gateway A.

The IKE Phase 1 parameters used in Scenario 1 are:
