Enterasys Networks XSR-Series specs

9.1 VPN IPSEC site-to-site tunnel certification PKI

XSR-1805_1#show running-config

!!

!Version 4.0.0.0, Built Mar 26 2003, 19:47:17

hostname XSR-1805_1

crypto isakmp proposal prop-map1 authentication rsa-sig

group 5 lifetime 10800

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

crypto isakmp peer 20.20.20.1 255.255.255.255 proposal prop-map1

config-mode gateway

crypto ipsec transform-set VPN-3des esp-3des esp-sha-hmac set pfs group2

set security-association lifetime kilobytes 1000000 set security-association lifetime seconds 3601

crypto map c-map1 75

set transform-set VPN-3des match address 101

set peer 20.20.20.1 mode tunnel

interface FastEthernet1 description "LAN-Interface1"

ip address 80.80.80.1 255.255.255.0 no shutdown

interface FastEthernet2 description "LAN-Interface2" crypto map c-map1

ip address 20.20.20.2 255.255.255.0 no shutdown

ip route 10.10.10.0 255.255.255.0 20.20.20.1 ip route 0.0.0.0 0.0.0.0 80.80.80.254

ip host labor-enterasys 192.168.224.22

ip host Enterasys-Networks-CA 192.168.224.22

end

XSR-1805_1#

Configuration Guide

Page 33 of 55

Image 33

Enterasys Networks XSR-Series manual VPN Ipsec site-to-site tunnel certification PKI

Contents

Configuration Guide Table of Contents Appendix Helpful commands for using the XSR platform IP-Static-routing IP-Loopback Interface IP-Address and Secondary Addresses configuration IP-OSPF-routing IP-RIPv1,v2-routing Ip local pool 10th 10.10.10.0 Sntp Simple Network Time Protocol System login banner Duplex fullDuplex half Configuration Guide XSR-1805config#access-list 110 move 1 Access control list moving online editing Virtual Router Redundancy Protocol RFC Router-2-BackupRouter-1-Master Hostname XSR-18051 Vrrp 1 priority Vrrp 1 master-respond-ping no shutdown Vrrp monitor interface function, interface tracking NAT static bindings Access-list 10 permit 10.10.10.0NAT dynamic with PAT Port Address Translation Ip address 10.10.10.1 255.255.255.0 no shutdown Dialer Interface Controller e1 0/2/0 clock source internal no shutdown Dialer Backup interface function Username remote privilege 0 password is not displayed PAP for authentication PPP Chap for authentication PPP Username remote privilege 0 cleartext iamRemoteInterface Dialer0 dialer pool XSR-1805-1config#aaa user XSR-1805-1config-aaa#password XSR VPN via Dialer Interface rtr1Dialer-list 1 protocol ip list VPN via Dialer Interface rtr2 Dialer Int. PRI to BRI with D-channel-callbackcentral-site Ppp pap sent-username central password xsr ppp multilink Dialer Int. PRI to BRI with D-channel-callbackremote1-site Ppp pap sent-username remote1 password xsr1 ppp multilink Dialer Int. PRI to BRI with D-channel-callbackremote2-site Ppp pap sent-username remote2 password xsr2 ppp multilink Isdn config for BRIx/x Isdn switch type changing Isdn callback Dialer caller 112233 callback dialer remote-name XSR-RemoteDialer-group Isdn multilink / Isnd channel bundling PPPoE on Adsl interface with chap authentication AAA Authentication Authorization Accounting Radius SSH / Telnet Ip ssh server disable Ip telnet server disableSyslog function, Server local-buffer Logging Snmp Medium Snmp v1/v2/v3 Snmp configuration /contact/location/parameter 0r1 VPN Ipsec site-to-site tunnel via pre-shared key XSR-18051config#aaa user XSR-18051config-aaa#password XSRRouter-1 Ip route 80.80.80.0 255.255.255.0 0r2 VPN Ipsec site-to-site tunnel via pre-shared key XSR-18052config#aaa user XSR-18052config-aaa#password XSRRouter-2 Ip route 10.10.10.0 255.255.255.0 VPN Ipsec site-to-site tunnel certification PKI Password Re-enter password XSR-18051config#crypto ca identity Enterasys-Networks-CAXSR-18051config#crypto ca crl request Enterasys-Networks-CA Request certificate from CA y/n ? y ENTITY-ACTIVE Certification control / certificates / Crls / CA identity Pptp encrypt mppe auto VPN Pptp User termination XSR-18051config#aaa user XSR-18051config-aaa#password XSR XSR-18052config#aaa user XSR-18052config-aaa#password XSR Version 6.0.0.0, Built Sep 14 2003 5r1 GRE native site-to-site tunnel 5r2 GRE native site-to-site tunnel Diffserv Dscp field addressing Firewall configuration Description InteralnetworkPrivate ip address 10.10.10.1Description internalloopbackPrivate ip address 13.13.13.1 Vlan configuration 802.1q tagged routing Ip address 20.20.20.1Ip address 30.30.30.1 Version 2.02, Built Feb 24 2003 A1.2 ping & tracerouteVersion 4.0.0.0, Built Mar 26 2003 XSR-1805 uptime is 0 days, 2 hours, 23 minutes A1.4 telnet to other routers Current operational duplex mode is negotiated to fullPhysical link is currently up Current operational speed is negotiated to 100 Mb/s A1.6 verify the flash file checksum A1.5 flash/ cflash/ dir, rename, copy commands B1.1 show ip arp B1.0 show ip route C1.1 show crypto isakmp sa C1.0 show tunnelsC1.2 show crypto ipsec sa C1.3 show crypto map C1.5 show interface vpn / GRE via Ipsec C1.4 show tunnels / GRE via IpsecC1.6 show crypto ipsec sa / GRE via Ipsec C1.7 show ip route / GRE via Ipsec D1.1 show ip interface atm 1/0.1 D1.2 show controllers atm 1/0MTU is 1492 bytes VPI/VCI 1/32 D1.3 show controllers atm 1/0.1 Administrative State is Enabled Operational State is UP ATM 1/0 is Admin Up / Oper UpD1.4 show interface atm 1/0 IfLastChange 001609 D1.5 show interface atm 1/0.1 ATM 1/0.1 is Admin Up / Oper UpState Opened PPPoE is Oper Up Chap authentication success with ATM 1/0.1 PPP is Admin Up / Oper UpD1.6 show ppp interface atm 1/0.1 Current State Getting Help