Manuals / Enterasys Networks / Power Tools / Router

Enterasys Networks XSR-Series manual VPN via Dialer Interface rtr1, Dialer-list 1 protocol ip list

Models: XSR-Series

1 55

Download 55 pages 33.75 Kb

Page 19

5.4.1 VPN via Dialer Interface rtr1

XSR-1805-1#show running-config

!!

!Version 6.0.0.9, Built Dec 12 2003, 14:56:30

hostname XSR-1805-1

interface bri 0/1/0

isdn switch-type basic-net3 no shutdown

dialer pool-member 1 priority 0

access-list 101 permit		ip	20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101	permit	ip	any host 1.1.1.2
access-list 121	permit	ip	20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
!
crypto isakmp proposal		ISDN
authentication pre-share

!

crypto isakmp peer 1.1.1.2 255.255.255.255 proposal ISDN

!

crypto ipsec transform-set isdntr esp-3des esp-md5-hmac set pfs group2

no set security-association lifetime kilobytes

!

crypto map myisdn 20

set transform-set isdntr match address 121

set peer 1.1.1.2

!

interface FastEthernet 1

ip address 20.20.20.1 255.255.255.0 no shutdown

!

interface Dialer1 crypto map myisdn dialer pool 1 dialer string 120 encapsulation ppp dialer-group 1

ip address 1.1.1.1 255.255.255.0 no shutdown

!

ip route 10.10.10.0 255.255.255.0 1.1.1.2

!

dialer-list 1 protocol ip list 101

!

end

XSR-1805-1(config)#aaa user 1.1.1.2

XSR-1805-1(config-aaa)#password XSR

XSR-1805-1#

Configuration Guide

Page 19 of 55

Image 19

Enterasys Networks XSR-Series manual VPN via Dialer Interface rtr1, Dialer-list 1 protocol ip list

Contents

Configuration Guide Table of Contents Appendix Helpful commands for using the XSR platformIP-Static-routing IP-Loopback Interface IP-Address and Secondary Addresses configurationIP-OSPF-routing IP-RIPv1,v2-routing Ip local pool 10th 10.10.10.0 Sntp Simple Network Time Protocol Duplex full System login bannerDuplex half Configuration Guide XSR-1805config#access-list 110 move 1 Access control list moving online editingHostname XSR-18051 Router-2-BackupVirtual Router Redundancy Protocol RFC Router-1-MasterVrrp 1 priority Vrrp 1 master-respond-ping no shutdown Vrrp monitor interface function, interface trackingIp address 10.10.10.1 255.255.255.0 no shutdown Access-list 10 permit 10.10.10.0NAT static bindings NAT dynamic with PAT Port Address TranslationDialer Interface Controller e1 0/2/0 clock source internal no shutdown Dialer Backup interface functionUsername remote privilege 0 password is not displayed PAP for authentication PPPUsername remote privilege 0 cleartext iamRemote Chap for authentication PPPInterface Dialer0 dialer pool VPN via Dialer Interface rtr1 XSR-1805-1config#aaa user XSR-1805-1config-aaa#password XSRDialer-list 1 protocol ip list VPN via Dialer Interface rtr2 Dialer Int. PRI to BRI with D-channel-callbackcentral-site Ppp pap sent-username central password xsr ppp multilinkDialer Int. PRI to BRI with D-channel-callbackremote1-site Ppp pap sent-username remote1 password xsr1 ppp multilinkDialer Int. PRI to BRI with D-channel-callbackremote2-site Ppp pap sent-username remote2 password xsr2 ppp multilinkIsdn config for BRIx/x Isdn switch type changing Dialer caller 112233 callback dialer remote-name XSR-Remote Isdn callbackDialer-group Isdn multilink / Isnd channel bundling PPPoE on Adsl interface with chap authentication AAA Authentication Authorization Accounting Radius Logging Snmp Medium Ip ssh server disable Ip telnet server disableSSH / Telnet Syslog function, Server local-bufferSnmp v1/v2/v3 Snmp configuration /contact/location/parameterIp route 80.80.80.0 255.255.255.0 XSR-18051config#aaa user XSR-18051config-aaa#password XSR0r1 VPN Ipsec site-to-site tunnel via pre-shared key Router-1Ip route 10.10.10.0 255.255.255.0 XSR-18052config#aaa user XSR-18052config-aaa#password XSR0r2 VPN Ipsec site-to-site tunnel via pre-shared key Router-2VPN Ipsec site-to-site tunnel certification PKI Request certificate from CA y/n ? y XSR-18051config#crypto ca identity Enterasys-Networks-CAPassword Re-enter password XSR-18051config#crypto ca crl request Enterasys-Networks-CAENTITY-ACTIVE Certification control / certificates / Crls / CA identityPptp encrypt mppe auto VPN Pptp User terminationXSR-18051config#aaa user XSR-18051config-aaa#password XSR XSR-18052config#aaa user XSR-18052config-aaa#password XSR Version 6.0.0.0, Built Sep 14 2003 5r1 GRE native site-to-site tunnel5r2 GRE native site-to-site tunnel Diffserv Dscp field addressing Description InteralnetworkPrivate ip address 10.10.10.1 Firewall configurationDescription internalloopbackPrivate ip address 13.13.13.1 Ip address 20.20.20.1 Vlan configuration 802.1q tagged routingIp address 30.30.30.1 XSR-1805 uptime is 0 days, 2 hours, 23 minutes A1.2 ping & tracerouteVersion 2.02, Built Feb 24 2003 Version 4.0.0.0, Built Mar 26 2003Current operational speed is negotiated to 100 Mb/s Current operational duplex mode is negotiated to fullA1.4 telnet to other routers Physical link is currently upA1.6 verify the flash file checksum A1.5 flash/ cflash/ dir, rename, copy commandsB1.1 show ip arp B1.0 show ip routeC1.3 show crypto map C1.0 show tunnelsC1.1 show crypto isakmp sa C1.2 show crypto ipsec saC1.7 show ip route / GRE via Ipsec C1.4 show tunnels / GRE via IpsecC1.5 show interface vpn / GRE via Ipsec C1.6 show crypto ipsec sa / GRE via IpsecD1.2 show controllers atm 1/0 D1.1 show ip interface atm 1/0.1MTU is 1492 bytes VPI/VCI 1/32 D1.3 show controllers atm 1/0.1IfLastChange 001609 ATM 1/0 is Admin Up / Oper UpAdministrative State is Enabled Operational State is UP D1.4 show interface atm 1/0PPPoE is Oper Up ATM 1/0.1 is Admin Up / Oper UpD1.5 show interface atm 1/0.1 State OpenedCurrent State ATM 1/0.1 PPP is Admin Up / Oper UpChap authentication success with D1.6 show ppp interface atm 1/0.1Getting Help