VPN Sample Configuration with Network Extension Mode

Create user(s), specify an IP from virtual subnet, and assign a password:

XSR(config)#aaa user nem-test

XSR(config)#password welcome

XSR(config)#aaa user jeffb

XSR(config)#password welcome

Check to make sure the transforms and proposals were created properly:

XSR#show crypto ipsec transform-set

Name                     PFS       ESP   ESP-AH    AH    IPCOMP
----                     ---       ---   ------    --    ------
*ez-esp-3des-sha-pfs     Modp768   3DES  HMAC-SHA  None  None
*ez-esp-3des-sha-no-pfs  Disabled  3DES  HMAC-SHA  None  None
*ez-esp-3des-md5-pfs     Modp768   3DES  HMAC-MD5  None  None
*ez-esp-3des-md5-no-pfs  Disabled  3DES  HMAC-MD5  None  None
*ez-esp-aes-sha-pfs      Modp768   AES   HMAC-SHA  None  None
*ez-esp-aes-sha-no-pfs   Disabled  AES   HMAC-SHA  None  None
*ez-esp-aes-md5-pfs      Modp768   AES   HMAC-MD5  None  None
*ez-esp-aes-md5-no-pfs   Disabled  AES   HMAC-MD5  None  None

XSR#show crypto isakmp proposal

Name                  Authentication  Encrypt  Integrity  Group     Lifetime
----                  --------------  -------  ---------  -----     --------
*ez-ike-3des-sha-psk  PreSharedKeys   3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-psk  PreSharedKeys   3DES     HMAC-MD5   Modp1024  28800
*ez-ike-3des-sha-rsa  RSASignature    3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-rsa  RSASignature    3DES     HMAC-MD5   Modp1024  28800

Create the ISAKMP IKE global peer:

XSR#crypto isakmp peer 0.0.0.0 0.0.0.0

XSR#config-mode gateway

XSR#exchange-mode aggressive

XSR#proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk

Create the ACLs for the trusted subnet of the XSR and the virtual subnet of the XSR:

XSR(config)#access-list 101 permit ip any 10.11.11.0 0.0.0.255

XSR(config)#access-list 102 permit ip any 10.12.12.0 0.0.0.255

XSR(config)#access-list 103 permit ip any 10.10.10.0 0.0.0.255

Create crypto map statements for each ACL entry with the more protective tunnel mode set by default. Match statements render the associated ACLs bi-directional:

XSR(config)#crypto map test 101

XSR(config)#set transform-set ez-esp-3des-sha-pfs

XSR(config)#match address 101

XSR(config)#crypto map test 102

XSR(config)#set transform-set ez-esp-3des-sha-pfs

XSR(config)#match address 102

XSR(config)#crypto map test 103

XSR(config)#set transform-set ez-esp-3des-sha-pfs

XSR(config)#match address 103
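
An added example, not part of the Enterasys manual: a Python check that looks up every proposal and transform-set the configuration above references in the two show tables and flags weak parameters. The sample text is constructed from this page's output and commands; the WEAK policy table and the function names are this example's assumptions.

```python
# Added example (not Enterasys code). Sample text is constructed from the
# output and commands on this page; WEAK is this example's assumed policy.
TRANSFORM_COLS = ["Name", "PFS", "ESP", "ESP-AH", "AH", "IPCOMP"]
PROPOSAL_COLS = ["Name", "Authentication", "Encrypt", "Integrity", "Group", "Lifetime"]
TRANSFORMS = """\
*ez-esp-3des-sha-pfs     Modp768   3DES  HMAC-SHA  None  None
*ez-esp-aes-sha-no-pfs   Disabled  AES   HMAC-SHA  None  None
"""
PROPOSALS = """\
*ez-ike-3des-sha-psk  PreSharedKeys  3DES  HMAC-SHA  Modp1024  28800
*ez-ike-3des-md5-psk  PreSharedKeys  3DES  HMAC-MD5  Modp1024  28800
"""
CONFIG = """\
XSR#exchange-mode aggressive
XSR#proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk
XSR(config)#set transform-set ez-esp-3des-sha-pfs
"""
WEAK = {  # assumed policy, adjust to your own standard
    "3DES": "64-bit block cipher", "HMAC-MD5": "MD5-based integrity",
    "Modp768": "768-bit DH group", "Modp1024": "1024-bit DH group",
    "Disabled": "no perfect forward secrecy",
}

def parse_table(text, columns):
    """Map each entry name (leading '*' stripped) to its column values."""
    rows = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == len(columns) and fields != columns and set(fields[0]) != {"-"}:
            rows[fields[0].lstrip("*")] = dict(zip(columns[1:], fields[1:]))
    return rows

def audit(config, transforms, proposals):
    """Return (name, issue) pairs for every entry the config references."""
    cmds = [line.split("#")[-1].split() for line in config.splitlines()]
    aggressive = ["exchange-mode", "aggressive"] in cmds
    refs = [(proposals, w[1:]) for w in cmds if w[:1] == ["proposal"]]
    refs += [(transforms, w[2:]) for w in cmds if w[:2] == ["set", "transform-set"]]
    findings = []
    for table, names in refs:
        for name in names:
            row = table.get(name, {})
            if not row:
                findings.append((name, "referenced but not defined"))
            findings += [(name, f"{col} {val}: {WEAK[val]}")
                         for col, val in row.items() if val in WEAK]
            if aggressive and row.get("Authentication") == "PreSharedKeys":
                findings.append((name, "aggressive mode + PSK: offline key guessing"))
    return findings
```

Calling audit(CONFIG, parse_table(TRANSFORMS, TRANSFORM_COLS), parse_table(PROPOSALS, PROPOSAL_COLS)) returns one (name, issue) pair per problem found.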

3-32 Software Configuration

Enterasys Networks XSR-3150 manual Create the Isakmp IKE global peer