Manuals / Enterasys Networks / Computer Equipment / Network Router

Enterasys Networks XSR-3020 manual GRE over IPSec

Models: XSR-3020

1 110

Download 110 pages 4.16 Kb

Page 29

System Description

SecurID (third-party plug-in)

Certificates (embedded/smart cards) – Microsoft only

•Encryption

•Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), Data Encryption Standard (DES)

•3DES/DES acceleration

•Data Integrity

•MD5 & SHA-1 algorithms

•Internet Protocol Security (IPsec)

•Encapsulating Security Payload (ESP), Authentication Header (AH) & IPComp

•Tunnel & Transport mode

•Diffie-Hellman Groups 1 & 2

•Mode Config for IP address assignment

•NAT Traversal via UDP encapsulation

•Public Key Infrastructure (PKI)

•Microsoft, Verisign Certificate Authority (CA) support

•Simple Certificate Enrollment Protocol (SCEP)

•Chained CA support

•CRL checking (Hypertext Transfer Protocol [HTTP] & Lightweight Directory Access Protocol (LDAP)

•Network Address Translation (NAT)

•Static NAT, on the interface and port-forwarded static NAT

•PAT (NAPT) by port source and destination address

•Dynamic NAT by source/destination IP address

•Dynamic NAT pool mapping with overload

•PPTP/GRE ALG and arbitrary IP address for NAPT

•Multiple NATs on an interface

•Dynamic Host Configuration Protocol (DHCP)

•DHCP Server

•OSPF over VPN

•DF Bit override

GRE over IPSec

•ToS bit preservation

•IP helper on VPN interfaces

•IETF/Microsoft-compatible NAT traversal for L2TP

•QoS over VPN

XSR Getting Started Guide 1-9

Image 29

Enterasys Networks XSR-3020 manual GRE over IPSec

Contents

XSR-3020 Getting Started Guide VersionX-Pedition Security Router Page Enterasys Networks, Inc 50 Minuteman Road Andover, MA Federal Communications Commission FCC Notice Regulatory Compliance InformationR & TTE Directive Declaration Industry Canada NoticesClass A ITE Notice Clase A. Aviso de ITESeguridad del Producto Product SafetyProduktsicherheit Electromagnetic Compatibility EMCSupplement to Product Instructions BSMI EMC Statement - Taiwan VCCI NoticeDeclaration of Conformity Manufacturer’s Name Enterasys Networks, IncFederal Information Processing Standard FIPS Certification Australian TelecomIndependent Communications Authority of South Africa VPN Consortium InteroperabilityBEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT Enterasys Networks, Inc. Firmware License AgreementCAREFULLY READ THIS LICENSE AGREEMENT You and Enterasys agree as follows5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program i was developed solely at private expense ii contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 a through d of the Commercial Computer Software‐Restricted Rights Clause and its successors, and iii in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein 11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement Chapter 2 Hardware Installation ContentsChapter 3 Software Configuration About This GuideConfiguring the WAN Ports Index Appendix A SpecificationsPage Conventions Used in This Guide Contents of the GuideAbout This Guide Italics/It áli ca Bold/En negrillaGetting Help Page System Description OverviewFigure 1-1 Typical XSR-3020 Topology Hardware FeaturesFigure 1-2 XSR-3020 Operating System Software FeaturesIndustry-common CLI IP ProtocolSNMP and Statistics Gathering IP RoutingFrame Relay SecurityIntegrated Services Digital Network ISDN - BRI/PRI Dynamic Host Configuration Protocol DHCPVirtual Private Network VPN Quality of Service QoSGRE over IPSec Dial Backup Dial ServiceAsynchronous Digital Subscriber Line ADSL Dial-on-Demand/Bandwidth-on-Demand DoD/BoDInstallation Overview 1-12 Overview Installation OverviewInstallation Site Suggestions Hardware InstallationIntroduction Verifying Your ShipmentFigure 2-1 Removing XSR Cover Installing NIM Cards and Rack MountingFigure 2-3 Attaching NIM card to Motherboard Figure 2-2 Removing NIM Slot CoverFigure 2-5 Attaching XSR to Rack Figure 2-4 Fastening Rack Brackets3020 3020CompactFlash Card Installation Installing a CompactFlash Memory CardFigure 2-6 Typical CompactFlash Card Figure 2-7 Removing CompactFlash Cover PlateFigure 2-8 Installing CompactFlash Card CompactFlash Card for the ADSL NIMFormatting the CompactFlash Card Figure 2-10 Attaching T1/PRI or BRI Port Connector Connecting CablesFigure 2-9 Connecting Serial COM Console Cable Figure 2-12 Attaching T3/E3 BNC Connectors Figure 2-11 Connecting High Speed Serial ConnectorALARM ENABLEFigure 2-14 Attaching T1 Drop & Insert Connector Figure 2-13 Connecting ADSL Connector3020 NIM1Figure 2-16 Inserting Mini-GBIC Module Figure 2-15 Attaching Ethernet ConnectorLink TX G ETH3Figure 2-18 Attaching Ethernet Fiber LAN NIM Connector Figure 2-17 Attaching Ethernet LAN NIM Connector3020 3020100~125V~1 Figure 2-19 Connecting Power Supply CordLINE 200~240V~0.25AInitializing XSR Software Software ConfigurationETHERNET Activity LEDs blink when frames pass on the LAN Configuring RAI for Frame Relay Optional Configuring Remote Auto InstallOpening a COM Console Session Characteristics” on pageXSRconfig-ifS1/0.1#exit XSRconfigexit Configuring RAI over ADSL Configuring RAI for DHCP over LANPage Setting the Clock Configuring the XSR Name and User InformationSetting User Name, Privilege and Password 3. Enter hostname your XSR designationPRI Configuration Configuring the LAN PortsConfiguring the WAN Ports BRI Leased Frame Relay BRI ConfigurationBRI Leased Line BRI Switched Line PPPoA ADSL ConfigurationPPPoE IPoA Firewall Sample ConfigurationFigure 3-1 XSR with Firewall Topology 3-14 Software Configuration Setting Up RIP RoutingSetting Up RIP Routing Configuring Frame Relay Point to Point Networks Configure OSPF RoutingSetting Up an SNMP Community String, Traps and V3 Values 7. Optional. For SNMPv3, enter snmp-server user username group name Configuring Message Logging and Severity LevelViewing Your Configuration Figure 3-2 Initial Web Access Window Connecting Remotely via the WebProduct Version X-Pedition ProductsFigure 3-3 Web Product Version Window Backup Site Hostname branch2 LAN-PPP Services Sample ConfigurationFigure 3-4 Sample LAN-PPP Services Configuration Frame Relay WAN Link with PPP Backup Sample Configuration Configure Quality of Service Configure Users and PasswordsConfigure LAN Interface Configure WAN/Frame Relay Port Apply QoS Configure OSPF RoutingConfigure More Access Lists Configure the Dial Backup Connection Configure DHCP/BOOTP RelayConfigure SNMP VPN Site-to-Site Sample ConfigurationCentral Site Branch SitesSet Up IKE Phase I Security Configure Access Control ListsConfigure IKE Policy for Remote Peer Generate Master Encryption KeyCreate a Transform Set Configure Crypto MapsConfiguring VPN at Interface Mode and Setting Up RIP Configuring Authentication AAA VPN Sample Configuration with Network Extension ModeGigabitEthernet 1 172.16.10/24 Figure 3-6 VPN Topology with NEM, EZ-IPSec and Internet Accesseth0 10.11.11.1/24 Gigabitethernet 2 26.26.26.10/24Create the ISAKMP IKE global peer Initialization Output XSR Rebooting CharacteristicsTable 1 Reboot Triggers Reboot TriggersBoot Type CauseTable 1 Reboot Triggers continued Power-up Error ConditionsPower-Up Reboot Reload Command from the CLIBootrom Monitor Mode Commands Page copy Page rename removeThis command shows network values with the following sample output This command shows the bootrom version with sample output below 3-42 Software Configuration Bootrom Monitor Mode CommandsSystem Specifications SpecificationsTable A-1 XSR Hardware Specifications CategoryTable A-1 XSR Hardware Specifications continued Cable, CompactFlash and Accessory SpecificationsTable A-2 XSR Cabling/Accessory Guide ConnectorConnector Table A-2 XSR Cabling/Accessory Guide continuedCable, CompactFlash and Accessory Specifications Part DescriptionFigure A-1 COM Port Pinouts COM Console PortSignal Mini-GBIC Fiber, Copper Port GigabitEthernet PortsSignal Figure A-2 GigaBitEthernet Port Pinouts EthCopper/Fiber-optic Ethernet NIMs Regulatory/Safety ComplianceSignal Figure A-3 Copper Ethernet NIMJ1 68-pin male SCSI II type connector 2/4-Port Serial NIM Card PortJ2 - J5 DB-15 type male connector Figure A-6 High Speed Serial NIM PortJ2 - J5 DB-25 type male RxD2+connector J1 68-pin male SCSI II type connectorFigure A-8 EIA-232/530 DTE Pin AssignmentsJ1 68-pin male SCSI RD2+II type connector J2 - J5 DB-37 type male connectorFigure A-9 EIA-449 DTE Pin AssignmentsJ3, J5 V.35-type male connector J1 68-pin male SCSI III-type connectorJ2. J4 DB-25-type male connector Pins not shown are unused Figure A-10 Combined V.35/EIA-232/530 DTE Pin AssignmentsJ2 - J5 V.35 type male connector J1 68-pin male SCSI II type connectorFigure A-11 V.35 DTE Pin AssignmentsRegulatory/Safety Compliance T1/E1/ISDN PRI NIM Card PortsSignal Figure A-12 4-Port T1/E1/ISDN PRI NIM Card RJ-48C ports shownGrounding Shunt for E1 NIM Cards Balun for E1 or PRI NIM CardsFigure A-14 Balun for E1 or PRI Connection Figure A-15 Sample Grounding ShuntFigure A-16 Installing a Grounding Shunt on the E1 NIM Card Installing Shunt/Terminal StripFigure A-17 1-Port T3/E3 NIM Card T3/E3 NIM CardRegulatory/Safety Compliance Signal 1/2-Port BRI-S/T NIM Card PortsFigure A-18 ISDN BRI-S/T NIM Card RJ-45 ports shown Figure A-19 ISDN BRI-S/T -NIM PinoutsInstalling Shunt/Terminal Strip Termination Shunt for the ISDN BRI-S/T NIM CardFigure A-20 Installing a Termination Shunt on BRI-S/T NIM Card Receive Pair TerminationRegulatory/Safety Compliance 1/2-Port BRI-U NIM Card PortsSignal Figure A-21 ISDN BRI-U NIM Card RJ-49C ports shownRegulatory/Safety Compliance 1-Port ADSL NIM Card PortSignal Figure A-23 ADSL NIM CardRegulatory/Safety Compliance T1/E1 Drop & Insert D&I NIMSignal Figure A-25 T1/E1 D&I NIM CardLED Behavior CompactFlash Memory CardFigure A-27 CompactFlash Memory Card Figure A-28 XSR LEDsFunction Table A-3 LED Description continuedState Index how to attach the Ethernet serial cable