VPN Sample Configuration with Network Extension Mode

Configure AAA authentication by assigning a virtual subnet to the DEFAULT AAA group, associating it with DNS and WINS servers, and adding two AAA users with passwords.

When a remote XSR tunnels into the local XSR, it is assigned these DNS, WINS and PPTP values and is dynamically assigned to the IP pool virtual_subnet. Be aware that users not added to a specified group are automatically assigned to the DEFAULT group, and that groups must be created before users can be added to them. Remember to create the same users and passwords on the remote XSRs.

XSR(ip-local-pool)#aaa group DEFAULT

XSR(aaa-group)#ip pool virtual_subnet

Configure DNS and WINS parameters:

XSR(aaa-group)#dns server primary 172.16.10.10

XSR(aaa-group)#dns server secondary 172.16.10.11

XSR(aaa-group)#wins server primary 172.16.10.10

XSR(aaa-group)#wins server secondary 172.16.10.11

Create user(s), specify an IP from the virtual subnet, and assign a password:

XSR(config)#aaa user nem-test

XSR(config)#password welcome

XSR(config)#aaa user jeffb

XSR(config)#password welcome

Check to make sure the transforms and proposals were created properly:

Router#show crypto ipsec transform-set

Name                     PFS       ESP   ESP-AH    AH    IPCOMP
----                     ---       ---   ------    --    ------
*ez-esp-3des-sha-pfs     Modp768   3DES  HMAC-SHA  None  None
*ez-esp-3des-sha-no-pfs  Disabled  3DES  HMAC-SHA  None  None
*ez-esp-3des-md5-pfs     Modp768   3DES  HMAC-MD5  None  None
*ez-esp-3des-md5-no-pfs  Disabled  3DES  HMAC-MD5  None  None
*ez-esp-aes-sha-pfs      Modp768   AES   HMAC-SHA  None  None
*ez-esp-aes-sha-no-pfs   Disabled  AES   HMAC-SHA  None  None
*ez-esp-aes-md5-pfs      Modp768   AES   HMAC-MD5  None  None
*ez-esp-aes-md5-no-pfs   Disabled  AES   HMAC-MD5  None  None

XSR#show crypto isakmp proposal

Name                  Authentication  Encrypt  Integrity  Group     Lifetime
----                  --------------  -------  ---------  -----     --------
*ez-ike-3des-sha-psk  PreSharedKeys   3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-psk  PreSharedKeys   3DES     HMAC-MD5   Modp1024  28800
*ez-ike-3des-sha-rsa  RSASignature    3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-rsa  RSASignature    3DES     HMAC-MD5   Modp1024  28800

Create the ISAKMP IKE global peer:

XSR(config)#crypto isakmp peer 0.0.0.0 0.0.0.0

XSR(config)#config-mode gateway

XSR(config)#exchange-mode aggressive

XSR(config)#proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk
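
An added example, not part of the Enterasys guide: a small Python audit that reads the two show crypto listings and the peer definition above, reports which built-in entries rely on 3DES, MD5, small Diffie-Hellman groups or disabled PFS, and lists the proposals that pair aggressive mode with pre-shared keys. The policy in WEAK, the function names and the one-row-per-entry text layout are assumptions of this example.

```python
import re

# Policy is an assumption of this added example, not Enterasys guidance.
WEAK = {
    "3DES": "64-bit block cipher; prefer AES",
    "HMAC-MD5": "MD5-based integrity; prefer HMAC-SHA",
    "Modp768": "768-bit DH group is too small",
    "Modp1024": "1024-bit DH group is too small",
    "Disabled": "PFS off: IPsec keys derive from IKE SA keying material",
}

def audit_table(show_output):
    """Map each ez-* row of a 'show crypto ...' table to its weak settings."""
    findings = {}
    for line in show_output.splitlines():
        fields = line.split()
        # Data rows start with the entry name; headers and rules do not.
        if not fields or not re.match(r"\*?ez-", fields[0]):
            continue
        reasons = [WEAK[f] for f in fields[1:] if f in WEAK]
        if reasons:
            findings[fields[0].lstrip("*")] = reasons
    return findings

def aggressive_psk(peer_config, isakmp_table):
    """Proposals of an aggressive-mode peer that authenticate with a PSK."""
    # Aggressive mode exposes a PSK-derived hash to offline guessing.
    if not re.search(r"exchange-mode\s+aggressive", peer_config):
        return []
    match = re.search(r"#proposal\s+(.+)", peer_config)
    used = match.group(1).split() if match else []
    psk = {row.split()[0].lstrip("*") for row in isakmp_table.splitlines()
           if "PreSharedKeys" in row.split()}
    return [name for name in used if name in psk]

# Constructed sample input: rows copied from the output shown on this page.
TRANSFORMS = """\
*ez-esp-3des-md5-pfs    Modp768   3DES  HMAC-MD5  None  None
*ez-esp-aes-sha-no-pfs  Disabled  AES   HMAC-SHA  None  None
"""
PROPOSALS = """\
*ez-ike-3des-sha-psk  PreSharedKeys  3DES  HMAC-SHA  Modp1024  28800
*ez-ike-3des-md5-psk  PreSharedKeys  3DES  HMAC-MD5  Modp1024  28800
*ez-ike-3des-sha-rsa  RSASignature   3DES  HMAC-SHA  Modp1024  28800
"""
PEER = """\
XSR(config)#exchange-mode aggressive
XSR(config)#proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk
"""
```

Every built-in entry listed on this page is flagged by at least one rule, so the result is a review list for the whole default set rather than a pass/fail verdict.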

Create the ACLs for the trusted subnet of the XSR and the virtual subnet of the XSR:

XSR(config)#access-list 101 permit ip any 10.11.11.0 0.0.0.255

XSR(config)#access-list 102 permit ip any 10.12.12.0 0.0.0.255

XSR Getting Started Guide 3-31


XSR-3020 specifications

Enterasys Networks XSR-3020 is a sophisticated Layer 2 and Layer 3 switch designed to meet the demands of modern networking environments. Known for its robust performance and versatility, the XSR-3020 is an ideal solution for enterprises that require high efficiency, comprehensive security, and network reliability.

This switch supports a variety of advanced technologies, making it suitable for both data center and edge deployments. One of its standout features is its scalability. The XSR-3020 can accommodate growing network demands by allowing for easy integration of additional modules. This capacity for expansion ensures that organizations can adapt their networks without the need for complete hardware replacements.

The XSR-3020 offers high-speed connectivity through its multiple gigabit Ethernet ports, providing up to 48 10/100/1000BASE-T ports in a single chassis. This high-density design optimizes the physical space and ensures that organizations can connect numerous devices simultaneously without sacrificing performance. Additionally, it supports Power over Ethernet (PoE), allowing users to power network devices, such as IP cameras and access points, directly through the switch. This feature streamlines installations and reduces the clutter of electrical wiring.

Security is a critical consideration in today’s network landscape, and the XSR-3020 addresses this need with robust security features. It incorporates advanced access control capabilities, enabling administrators to segment traffic and enforce policies effectively. The switch also supports 802.1X authentication, ensuring that only authorized devices can connect to the network.

In terms of management, the XSR-3020 is designed to simplify operations through its user-friendly interface and extensive support for management protocols. It offers native support for Simple Network Management Protocol (SNMP) and can be easily integrated with various network management systems, allowing for efficient monitoring and troubleshooting.

Another key characteristic of the XSR-3020 is its reliability. With features such as redundant power supplies and fans, the switch ensures high availability, minimizing downtime for critical applications. It is also built to withstand harsh conditions, making it suitable for diverse environments.

Overall, the Enterasys Networks XSR-3020 combines high performance, scalability, and security, making it an excellent choice for organizations looking to enhance their network infrastructure. Its comprehensive set of features positions it as a reliable backbone for any modern enterprise network, ensuring that businesses can operate efficiently and securely.