VPN Site-to-Site Sample Configuration

XSR(config)#crypto map acme 91

XSR(config-crypto-m)#set transform-set esp-3des-sha

XSR(config-crypto-m)#match address 191

XSR(config-crypto-m)#set peer 112.16.244.7

XSR(config)#crypto map acme 90

XSR(config-crypto-m)#set transform-set esp-3des-sha

XSR(config-crypto-m)#match address 190

XSR(config-crypto-m)#set peer 112.16.244.9

Configuring VPN at Interface Mode and Setting Up RIP

The following commands configure the LAN physical ports: GigabitEthernet port 1 is designated Internal LAN, with the specified IP address/subnet as the designated network. GigabitEthernet port 2 is named VPN Cloud, assigned crypto map acme with associated ACLs, and directed not to transmit or receive RIP updates. RIP routing and four IP routes are also configured, along with a VPN interface for AAA service.

XSR(config)#interface gigabitethernet 1

XSR(config-if<F1>)#description "Internal LAN"

XSR(config-if<F1>)#no shutdown

XSR(config-if<F1>)#ip address 112.16.1.221/24

XSR(config)#interface gigabitethernet 2

XSR(config-if<F2>)#crypto map acme

XSR(config-if<F2>)#description "VPN Cloud"

XSR(config-if<F2>)#no shutdown

XSR(config-if<F2>)#ip access-group 101 in

XSR(config-if<F2>)#ip access-group 101 out

XSR(config-if<F2>)#ip address 112.16.244.10/24

XSR(config)#interface vpn 57 multi-point

XSR(config-int-vpn)#ip address 192.168.2.1 255.255.255.0

XSR(config)#router rip

XSR(config-router)#network 112.16.10.0

XSR(config-router)#passive-interface gigabitethernet 2

XSR(config-router)#no receive-interface gigabitethernet 2

XSR(config-router)#distribute-list 1 out vpn 1

XSR(config)#ip route 0.0.0.0 0.0.0.0 112.16.244.9

XSR(config)#ip route 112.16.72.0/24 112.16.244.9

XSR(config)#ip route 112.16.76.0/24 112.16.244.7

XSR(config)#ip route 112.16.80.0/24 112.16.244.5
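
Added example (not from the Enterasys guide): a Python check that parses a CLI transcript in the format shown above and verifies what the paragraph describes: every crypto map entry has a transform-set, match address and peer, the map bound to an interface is defined, and that interface neither sends nor receives RIP. The function names and the sample transcript are constructed for illustration, and the 3DES flag reflects an assumed local policy.

```python
import re
# Constructed sample: a subset of the commands on this page, prompts included.
SAMPLE = """\
XSR(config)#crypto map acme 91
XSR(config-crypto-m)#set transform-set esp-3des-sha
XSR(config-crypto-m)#match address 191
XSR(config-crypto-m)#set peer 112.16.244.7
XSR(config)#interface gigabitethernet 2
XSR(config-if<F2>)#crypto map acme
XSR(config)#router rip
XSR(config-router)#passive-interface gigabitethernet 2
XSR(config-router)#no receive-interface gigabitethernet 2
"""
PROMPT = re.compile(r"^XSR\(([^)]*)\)#\s*(.+)$")
REQUIRED = ("set transform-set", "match address", "set peer")
QUIET = ("passive-interface", "no receive-interface")  # RIP silence on the VPN port
LEGACY = ("3des",)  # assumption: local policy treats 3DES as a legacy cipher

def parse(transcript):  # -> (crypto map entries, interfaces, RIP commands)
    maps, ifaces, rip, current = {}, {}, set(), None
    for line in transcript.splitlines():
        if not (m := PROMPT.match(line.strip())):
            continue
        mode, cmd = m[1], m[2].strip()
        if mode == "config":
            current = None  # a global command ends the previous sub-mode
            if mm := re.fullmatch(r"crypto map (\S+) (\d+)", cmd):
                current = maps.setdefault((mm[1], int(mm[2])), {})
            elif mm := re.fullmatch(r"interface (.+)", cmd):
                current = ifaces.setdefault(mm[1], {})
        elif mode == "config-router":
            rip.add(cmd)
        elif current is not None:
            key, _, value = cmd.rpartition(" ")  # last token is the argument
            current[key] = value
    return maps, ifaces, rip

def audit(transcript):  # -> list of finding strings, empty when all checks pass
    maps, ifaces, rip = parse(transcript)
    out = []
    for (name, seq), entry in sorted(maps.items()):
        out += [f"crypto map {name} {seq}: missing '{k}'" for k in REQUIRED if k not in entry]
        if any(c in entry.get("set transform-set", "") for c in LEGACY):
            out.append(f"crypto map {name} {seq}: legacy {entry['set transform-set']}")
    bound = [(i, c["crypto map"]) for i, c in ifaces.items() if "crypto map" in c]
    for ifname, applied in bound:
        if all(name != applied for name, _ in maps):
            out.append(f"{ifname}: crypto map {applied} is not defined")
        out += [f"{ifname}: RIP lacks '{c} {ifname}'" for c in QUIET if f"{c} {ifname}" not in rip]
    return out
```

Calling audit() on a saved copy of the full command sequence returns one line per finding; an empty list means every check passed.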

XSR Getting Started Guide 3-29

Enterasys Networks XSR-3150 manual Configuring VPN at Interface Mode and Setting Up RIP