Enterasys Networks XSR-3020 manual Create the ISAKMP IKE global peer

Models: XSR-3020


VPN Sample Configuration with Network Extension Mode

Configure AAA authentication: assign a virtual subnet to the DEFAULT AAA group, associate it with DNS and WINS servers, and add two AAA users with passwords.

When a remote XSR tunnels into the local XSR, it is assigned these DNS, WINS and PPTP values and is assigned dynamically to the IP pool virtual_subnet. Be aware that users not added to a specified group are automatically assigned to the DEFAULT group, and that groups must be created before users can be added to them. Remember to create the same users and passwords on the remote XSRs.

XSR(ip-local-pool)#aaa group DEFAULT

XSR(aaa-group)#ip pool virtual_subnet

Configure DNS and WINS parameters:

XSR(aaa-group)#dns server primary 172.16.10.10

XSR(aaa-group)#dns server secondary 172.16.10.11

XSR(aaa-group)#wins server primary 172.16.10.10

XSR(aaa-group)#wins server secondary 172.16.10.11

Create the user(s), specify an IP from the virtual subnet, and assign a password:

XSR(config)#aaa user nem-test

XSR(config)#password welcome

XSR(config)#aaa user jeffb

XSR(config)#password welcome

Check to make sure the transforms and proposals were created properly:

Router#show crypto ipsec transform-set

Name                     PFS       ESP   ESP-AH    AH    IPCOMP
----                     ---       ---   ------    --    ------
*ez-esp-3des-sha-pfs     Modp768   3DES  HMAC-SHA  None  None
*ez-esp-3des-sha-no-pfs  Disabled  3DES  HMAC-SHA  None  None
*ez-esp-3des-md5-pfs     Modp768   3DES  HMAC-MD5  None  None
*ez-esp-3des-md5-no-pfs  Disabled  3DES  HMAC-MD5  None  None
*ez-esp-aes-sha-pfs      Modp768   AES   HMAC-SHA  None  None
*ez-esp-aes-sha-no-pfs   Disabled  AES   HMAC-SHA  None  None
*ez-esp-aes-md5-pfs      Modp768   AES   HMAC-MD5  None  None
*ez-esp-aes-md5-no-pfs   Disabled  AES   HMAC-MD5  None  None

XSR#show crypto isakmp proposal

Name                  Authentication  Encrypt  Integrity  Group     Lifetime
----                  --------------  -------  ---------  -----     --------
*ez-ike-3des-sha-psk  PreSharedKeys   3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-psk  PreSharedKeys   3DES     HMAC-MD5   Modp1024  28800
*ez-ike-3des-sha-rsa  RSASignature    3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-rsa  RSASignature    3DES     HMAC-MD5   Modp1024  28800
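When reviewing the output of the two show commands above, it helps to flag which built-in transform-sets and IKE proposals rely on weak parameters before choosing one. The script below is an added example, not part of the Enterasys guide: it parses the column layout shown on this page and applies a weak-parameter policy (the WEAK table) that is this example's own assumption.

```python
# Added example: flag weak parameters in XSR "show crypto ..." output.
# The WEAK policy is this example's assumption, not an XSR feature.
WEAK = {
    "3DES": "64-bit block cipher, deprecated",
    "HMAC-MD5": "MD5-based integrity",
    "Modp768": "768-bit Diffie-Hellman group",
    "Modp1024": "1024-bit Diffie-Hellman group",
    "Disabled": "PFS off, no fresh Diffie-Hellman exchange for IPsec keys",
}

# Rows copied from the output on this page (a subset).
TRANSFORM_SETS = """
Name                     PFS       ESP   ESP-AH    AH    IPCOMP
----                     ---       ---   ------    --    ------
*ez-esp-3des-md5-no-pfs  Disabled  3DES  HMAC-MD5  None  None
*ez-esp-aes-sha-pfs      Modp768   AES   HMAC-SHA  None  None
*ez-esp-aes-sha-no-pfs   Disabled  AES   HMAC-SHA  None  None
"""
PROPOSALS = """
Name                  Authentication  Encrypt  Integrity  Group     Lifetime
----                  --------------  -------  ---------  -----     --------
*ez-ike-3des-sha-psk  PreSharedKeys   3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-psk  PreSharedKeys   3DES     HMAC-MD5   Modp1024  28800
"""

def parse_table(text):
    """Turn whitespace-aligned show output into a list of {column: value} dicts."""
    lines = [ln.split() for ln in text.strip().splitlines() if ln.strip()]
    header, rows = lines[0], []
    for fields in lines[1:]:
        if all(set(f) == {"-"} for f in fields):  # separator row under the header
            continue
        if len(fields) != len(header):  # wrapped or truncated line: refuse to guess
            raise ValueError(f"unexpected row: {fields}")
        rows.append(dict(zip(header, fields)))
    return rows

def audit(rows):
    """Return {entry name: [reasons]} for entries that use a weak parameter."""
    findings = {}
    for row in rows:
        reasons = [f"{c}={v}: {WEAK[v]}" for c, v in row.items() if v in WEAK]
        if reasons:
            findings[row["Name"].lstrip("*")] = reasons
    return findings

if __name__ == "__main__":
    for table in (TRANSFORM_SETS, PROPOSALS):
        for name, reasons in audit(parse_table(table)).items():
            print(name, "->", "; ".join(reasons))
```

Every entry in the sample is flagged at least once; the AES/HMAC-SHA transform-sets are flagged only for their PFS setting.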

Create the ISAKMP IKE global peer:

XSR(config)#crypto isakmp peer 0.0.0.0 0.0.0.0

XSR(config)#config-mode gateway

XSR(config)#exchange-mode aggressive

XSR(config)#proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk

Create the ACLs for the trusted subnet of the XSR and the virtual subnet of the XSR:

XSR(config)#access-list 101 permit ip any 10.11.11.0 0.0.0.255

XSR(config)#access-list 102 permit ip any 10.12.12.0 0.0.0.255

XSR Getting Started Guide 3-31
