GRE over IPSec | Enterasys Networks XSR-3150 guide

System Description

Certificates (embedded/smart cards) – Microsoft only

•Encryption

•Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), Data Encryption Standard (DES)

•3DES/DES acceleration

•Data Integrity

•MD5 & SHA-1 algorithms

•Internet Protocol Security (IPsec)

•Encapsulating Security Payload (ESP), Authentication Header (AH) & IPComp

•Tunnel & Transport mode

•Diffie-Hellman Groups 1 & 2

•Mode Config for IP address assignment

•NAT Traversal via UDP encapsulation

•Public Key Infrastructure (PKI)

•Microsoft, Verisign Certificate Authority (CA) support

•Simple Certificate Enrollment Protocol (SCEP)

•Chained CA support

•CRL checking (Hypertext Transfer Protocol [HTTP] & Lightweight Directory Access Protocol (LDAP)

•Network Address Translation (NAT)

•Static NAT, on the interface and port-forwarded static NAT

•PAT (NAPT) by port source and destination address

•Dynamic NAT by source/destination IP address

•Dynamic NAT pool mapping with overload

•PPTP/GRE ALG and arbitrary IP address for NAPT

•Multiple NATs on an interface

•Dynamic Host Configuration Protocol (DHCP)

•DHCP Server

•OSPF over VPN

•DF Bit override

GRE over IPSec

•ToS bit preservation

•IP helper on VPN interfaces

•IETF/Microsoft-compatible NAT traversal for L2TP

•QoS over VPN

XSR Getting Started Guide 1-9

Image 29

Enterasys Networks XSR-3150 manual GRE over IPSec

Contents

Version PeditionSecurity RouterPage Enterasys Networks, Inc Minuteman Road Andover, MA Regulatory Compliance Information Industry Canada Notices Product Safety Supplement to Product Instructions Vcci Notice N826 Enterasys Networks, Inc. Firmware License Agreement Page Page Contents BRI Leased Line BRI Leased Frame Relay BRI Switched Line Index Appendix a Specifications Xiv About This Guide Contents of the Guide Bold/En negrilla FTP Getting Help Xviii System Description Overview Typical XSR-3150 Topology Hardware Features XSR-3150 Operating System Software FeaturesIndustry-common CLI IP Protocol Snmp and Statistics Gathering IP Routing Frame Relay Security Integrated Services Digital Network Isdn BRI/PRI Dynamic Host Configuration Protocol Dhcp Virtual Private Network VPN Quality of Service QoS GRE over IPSec Dial Backup Dial ServiceAsynchronous Digital Subscriber Line Adsl Dial-on-Demand/Bandwidth-on-Demand DoD/BoD Unpack the XSR from the shipping box. Remove accessories Installation Overview Installation Overview Verifying Your Shipment Installation Site SuggestionsIntroduction Removing XSR Cover Installing NIM Cards and Rack Mounting XSR Fastening Rack Brackets CompactFlash Card Installation Installing a CompactFlash Memory Card Formatting the CompactFlash Card CompactFlash Card for the Adsl NIM 3150 Connecting Cables 11 Connecting High Speed Serial Connector 13 Connecting Adsl Connector 15 Attaching GigabitEthernet Connector 17 Attaching Ethernet LAN NIM Connector 19 Connecting Dual Internal Power Supply Cords Initializing XSR Software Software Configuration Initializing XSR Software Opening a COM Console Session Optional Configuring Remote Auto InstallConfiguring RAI for Frame Relay Remote Auto Install Attempting Forever Configuring RAI over Adsl Configuring RAI for Dhcp over LAN Pppoe limit max-sessions Setting User Name, Privilege and Password Configuring the XSR Name and User InformationSetting the Clock PRI Configuration Configuring the LAN PortsConfiguring the WAN Ports BRI Leased Line BRI Configuration BRI Leased Frame Relay BRI Switched Line PPPoA Adsl ConfigurationPPPoE IPoA Firewall Sample Configuration XSR Complete LAN and WAN interface configuration Setting Up RIP Routing Configuring Frame Relay Point to Point Networks Configure Ospf Routing Setting Up an Snmp Community String, Traps and V3 Values Configuring Message Logging and Severity Level Connecting Remotely via the Web Viewing Your Configuration Web Product Version Window Pstn LAN-PPP Services Sample Configuration XSRconfig-controllerT1-1/0#no shutdown Configure Users and Passwords Frame Relay WAN Link with PPP Backup Sample ConfigurationConfigure LAN Interface Configure Quality of Service XSRconfig-pmap-cpriority-policy#priority high 30 Configure WAN/Frame Relay Port Apply QoS XSRconfig#interface serial 1/0.2 multipoint Configure More Access Lists Configure Ospf RoutingConfigure DHCP/BOOTP Relay Configure the Dial Backup Connection Configure Snmp Generate Master Encryption Key VPN Site-to-Site Sample ConfigurationConfigure Access Control Lists Configure IKE Policy for Remote Peer Set Up IKE Phase I SecurityConfigure Crypto Maps Create a Transform Set Configuring VPN at Interface Mode and Setting Up RIP Configuring Authentication AAA VPN Sample Configuration with Network Extension Mode Enable Network Address Translation Create the Isakmp IKE global peer Initialization Output XSR Rebooting Characteristics Power-Up Reboot Reboot Triggers Power-up Error Conditions Bootrom Monitor Mode Commands XSR-3150 bu btXSR300012.fls Verifying btXSR300012.fls file Copy Dir Del Ffc Rename Remove FTP Bootrom Monitor Mode Commands System Specifications Specifications WAN Cable, CompactFlash and Accessory Specifications XSR Getting Started Guide A-3 COM COM Console Port Mini-GBIC Fiber, Copper Port GigabitEthernet Ports Copper/Fiber-optic Ethernet NIMs Regulatory/Safety Compliance 21 DTE Port Serial NIM Card Port Figure A-8 EIA-232/530 DTE Pin Assignments Figure A-9 EIA-449 DTE Pin Assignments Figure A-10 Combined V.35/EIA-232/530 DTE Pin Assignments Figure A-11 DTE Pin Assignments T1/E1/ISDN PRI T1/E1/ISDN PRI NIM Card Ports Figure A-14 Balun for E1 or PRI Connection Balun for E1 or PRI NIM Cards Grounding Shunt for E1 NIM Cards Installing Shunt/Terminal Strip Figure A-17 1-Port T3/E3 NIM Card T3/E3 NIM Card Termination Shunt for the Isdn BRI-S/T NIM Card Port BRI-S/T Isdb NIM Card Ports XSR Getting Started Guide A-17 Figure A-21 Isdn BRI-U NIM Card RJ-49C ports shown Port BRI-U NIM Card Ports Figure A-23 Adsl NIM Card Port Adsl NIM Card Port Figure A-25 T1/E1 D&I NIM Card T1/E1 Drop & Insert D&I NIM LED Behavior CompactFlash Memory Card TX LED Index Index-2