Router-1 | Enterasys Networks XSR-Series instruction

9.0r1 VPN IPSEC site-to-site tunnel via pre-shared key

Router-1

XSR-1805_1#show running-config

!!

!Version 4.0.0.0, Built Mar 26 2003, 19:47:17

hostname XSR-1805_1

crypto isakmp proposal prop-map1 authentication pre-share

group 5 lifetime 10800

access-list 101 permit ip 10.10.10.0 0.0.0.255 80.80.80.0 0.0.0.255

crypto isakmp peer 20.20.20.2 255.255.255.255 proposal prop-map1

config-mode gateway

crypto ipsec transform-set VPN-3des esp-3des esp-sha-hmac set pfs group2

set security-association lifetime kilobytes 1000000 set security-association lifetime seconds 3601

crypto map c-map1 75

set transform-set VPN-3des match address 101

set peer 20.20.20.2 mode tunnel

interface FastEthernet1 description "LAN-Interface1"

ip address 10.10.10.1 255.255.255.0 no shutdown

interface FastEthernet2 description "LAN-Interface2" crypto map c-map1

ip address 20.20.20.1 255.255.255.0 no shutdown

ip route 80.80.80.0 255.255.255.0 20.20.20.2

end

XSR-1805_1#

XSR-1805_1(config)#aaa user 20.20.20.2

XSR-1805_1(config-aaa)#password XSR

Configuration Guide

Page 31 of 55

Image 31

Enterasys Networks XSR-Series manual 0r1 VPN Ipsec site-to-site tunnel via pre-shared key, Router-1

Contents

Configuration Guide Table of Contents Appendix Helpful commands for using the XSR platform IP-Static-routing IP-Loopback Interface IP-Address and Secondary Addresses configuration IP-OSPF-routing IP-RIPv1,v2-routing Ip local pool 10th 10.10.10.0 Sntp Simple Network Time Protocol Duplex full System login bannerDuplex half Configuration Guide XSR-1805config#access-list 110 move 1 Access control list moving online editing Hostname XSR-18051 Router-2-BackupVirtual Router Redundancy Protocol RFC Router-1-Master Vrrp 1 priority Vrrp 1 master-respond-ping no shutdown Vrrp monitor interface function, interface tracking Ip address 10.10.10.1 255.255.255.0 no shutdown Access-list 10 permit 10.10.10.0NAT static bindings NAT dynamic with PAT Port Address Translation Dialer Interface Controller e1 0/2/0 clock source internal no shutdown Dialer Backup interface function Username remote privilege 0 password is not displayed PAP for authentication PPP Username remote privilege 0 cleartext iamRemote Chap for authentication PPPInterface Dialer0 dialer pool VPN via Dialer Interface rtr1 XSR-1805-1config#aaa user XSR-1805-1config-aaa#password XSRDialer-list 1 protocol ip list VPN via Dialer Interface rtr2 Dialer Int. PRI to BRI with D-channel-callbackcentral-site Ppp pap sent-username central password xsr ppp multilink Dialer Int. PRI to BRI with D-channel-callbackremote1-site Ppp pap sent-username remote1 password xsr1 ppp multilink Dialer Int. PRI to BRI with D-channel-callbackremote2-site Ppp pap sent-username remote2 password xsr2 ppp multilink Isdn config for BRIx/x Isdn switch type changing Dialer caller 112233 callback dialer remote-name XSR-Remote Isdn callbackDialer-group Isdn multilink / Isnd channel bundling PPPoE on Adsl interface with chap authentication AAA Authentication Authorization Accounting Radius Logging Snmp Medium Ip ssh server disable Ip telnet server disableSSH / Telnet Syslog function, Server local-buffer Snmp v1/v2/v3 Snmp configuration /contact/location/parameter Ip route 80.80.80.0 255.255.255.0 XSR-18051config#aaa user XSR-18051config-aaa#password XSR0r1 VPN Ipsec site-to-site tunnel via pre-shared key Router-1 Ip route 10.10.10.0 255.255.255.0 XSR-18052config#aaa user XSR-18052config-aaa#password XSR0r2 VPN Ipsec site-to-site tunnel via pre-shared key Router-2 VPN Ipsec site-to-site tunnel certification PKI Request certificate from CA y/n ? y XSR-18051config#crypto ca identity Enterasys-Networks-CAPassword Re-enter password XSR-18051config#crypto ca crl request Enterasys-Networks-CA ENTITY-ACTIVE Certification control / certificates / Crls / CA identity Pptp encrypt mppe auto VPN Pptp User termination XSR-18051config#aaa user XSR-18051config-aaa#password XSR XSR-18052config#aaa user XSR-18052config-aaa#password XSR Version 6.0.0.0, Built Sep 14 2003 5r1 GRE native site-to-site tunnel 5r2 GRE native site-to-site tunnel Diffserv Dscp field addressing Description InteralnetworkPrivate ip address 10.10.10.1 Firewall configurationDescription internalloopbackPrivate ip address 13.13.13.1 Ip address 20.20.20.1 Vlan configuration 802.1q tagged routingIp address 30.30.30.1 XSR-1805 uptime is 0 days, 2 hours, 23 minutes A1.2 ping & tracerouteVersion 2.02, Built Feb 24 2003 Version 4.0.0.0, Built Mar 26 2003 Current operational speed is negotiated to 100 Mb/s Current operational duplex mode is negotiated to fullA1.4 telnet to other routers Physical link is currently up A1.6 verify the flash file checksum A1.5 flash/ cflash/ dir, rename, copy commands B1.1 show ip arp B1.0 show ip route C1.3 show crypto map C1.0 show tunnelsC1.1 show crypto isakmp sa C1.2 show crypto ipsec sa C1.7 show ip route / GRE via Ipsec C1.4 show tunnels / GRE via IpsecC1.5 show interface vpn / GRE via Ipsec C1.6 show crypto ipsec sa / GRE via Ipsec D1.2 show controllers atm 1/0 D1.1 show ip interface atm 1/0.1MTU is 1492 bytes VPI/VCI 1/32 D1.3 show controllers atm 1/0.1 IfLastChange 001609 ATM 1/0 is Admin Up / Oper UpAdministrative State is Enabled Operational State is UP D1.4 show interface atm 1/0 PPPoE is Oper Up ATM 1/0.1 is Admin Up / Oper UpD1.5 show interface atm 1/0.1 State Opened Current State ATM 1/0.1 PPP is Admin Up / Oper UpChap authentication success with D1.6 show ppp interface atm 1/0.1 Getting Help