Manuals / Enterasys Networks / Computer Equipment / Network Router

Enterasys Networks XSR-3020 manual VPN Sample Configuration with Network Extension Mode

Models: XSR-3020

1 110
Download 110 pages 4.16 Kb
Page 73
Image 73
Configuring Authentication (AAA)

VPN Sample Configuration with Network Extension Mode

XSR(config)#interface vpn 57 multi-point

XSR(config-int-vpn)#ip address 192.168.2.1 255.255.255.0

XSR(config)#router rip

XSR(config-router)#network 112.16.10.0

XSR(config-router)#passive-interface gigabitethernet 2

XSR(config-router)#no receive-interface gigabitethernet 2

XSR(config-router)#distribute-list 1 out vpn 1

XSR(config)#ip route 0.0.0.0 0.0.0.0 112.16.244.9

XSR(config)#ip route 112.16.72.0 255.255.255.0 112.16.244.9

XSR(config)#ip route 112.16.76.0 255.255.255.0 112.16.244.7

XSR(config)#ip route 112.16.80.0 255.255.255.0 112.16.244.5

Configuring Authentication (AAA)

Configure an AAA user and DEFAULT AAA group for remote users. When an ANG tunnels into the XSR, it will be assigned dynamically to the IP pool AUTH. Be aware that groups must be created before users can be added to them. Remember to create the same users and passwords on the ANG. The IP address assigned to the AAA user is the remote gateway IP address.

XSR(config)#ip local pool AUTH 192.168.2.0 255.255.255.0

XSR(config)#aaa user 112.16.244.9

XSR(aaa-user)#password dribble

XSR(aaa-user)#group DEFAULT

XSR(aaa-group)#pptp encrypt mppe auto

XSR(aaa-group)#ip pool AUTH

XSR(aaa-group)#policy vpn

VPN Sample Configuration with Network Extension Mode

The following sample topology is ideal for testing a VPN NEM tunnel connection on a LAN before actually configuring a production network. If the configuration works properly, simply change the GigabitEthernet settings to the Serial or T1 interface values of your choice.

The XSR below is configured as a VPN concentrator with Internet access allowed and Network Extension Mode (NEM) tunnels set up. NEM is designed to open up network resources situated behind the XSR. You configure NEM to provide routing for nodes connected to the trusted port of the router so that locally and remotely connected devices can discover and communicate with each other across an IKE/IPSec tunnel.

The XSR’s EZ-IPSec functionality is employed to automatically access default ESP transforms and IPSec proposals. The following script configures the VPN topology shown in Figure 3-6.

XSR Getting Started Guide 3-29

Page 72 Page 74
Page 73
Image 73
Enterasys Networks XSR-3020 manual VPN Sample Configuration with Network Extension Mode, Configuring Authentication AAA
Page 72 Page 74