Firewall configuration | Enterasys Networks XSR-Series specification

11.1 Firewall configuration

XSR-1805#show running-config

!!

!Version 4.0.0.0, Built Mar 26 2003, 19:47:17

hostname XSR-1805

interface FastEthernet1

description "Interal_network_Private" ip address 10.10.10.1 255.255.0.0

no shutdown

interface FastEthernet2

description "External_network_Intranet" ip address 192.168.224.133 255.255.255.0 no shutdown

interface Loopback0

description "internal_loopback_Private" ip address 13.13.13.1 255.255.255.0

no shutdown

ip firewall network 192 192.168.224.1 192.168.224.255 external ip firewall network 13 13.13.13.1 13.13.13.255 internal

ip firewall network 10 10.10.10.1 10.10.255.255 internal

ip firewall network-group g192 192 ip firewall network-group g13 13 ip firewall network-group g10 10

ip firewall network-group g10+g13 13 10

ip firewall policy inSSH g192 g13 SSH allow-log bidirectional

ip firewall policy inTelnet g10+g13 g10+g13 Telnet allow-log bidirectional ip firewall policy FTP_okay g10 g192 FTP allow bidirectional

ip firewall policy HTTP_okay g10 g192 HTTP allow bidirectional

ip firewall load

end

XSR-1805#

Configuration Guide

Page 42 of 55

Image 42

Enterasys Networks XSR-Series manual Firewall configuration, Description InteralnetworkPrivate ip address 10.10.10.1

Contents

Configuration Guide Table of Contents Helpful commands for using the XSR platform Appendix IP-Address and Secondary Addresses configuration IP-Static-routing IP-Loopback Interface IP-OSPF-routing IP-RIPv1,v2-routing Ip local pool 10th 10.10.10.0 Sntp Simple Network Time Protocol System login banner Duplex fullDuplex half Configuration Guide Access control list moving online editing XSR-1805config#access-list 110 move 1 Router-1-Master Router-2-BackupVirtual Router Redundancy Protocol RFC Hostname XSR-18051 Vrrp monitor interface function, interface tracking Vrrp 1 priority Vrrp 1 master-respond-ping no shutdown NAT dynamic with PAT Port Address Translation Access-list 10 permit 10.10.10.0NAT static bindings Ip address 10.10.10.1 255.255.255.0 no shutdown Dialer Interface Dialer Backup interface function Controller e1 0/2/0 clock source internal no shutdown PAP for authentication PPP Username remote privilege 0 password is not displayed Chap for authentication PPP Username remote privilege 0 cleartext iamRemoteInterface Dialer0 dialer pool XSR-1805-1config#aaa user XSR-1805-1config-aaa#password XSR VPN via Dialer Interface rtr1Dialer-list 1 protocol ip list VPN via Dialer Interface rtr2 Ppp pap sent-username central password xsr ppp multilink Dialer Int. PRI to BRI with D-channel-callbackcentral-site Ppp pap sent-username remote1 password xsr1 ppp multilink Dialer Int. PRI to BRI with D-channel-callbackremote1-site Ppp pap sent-username remote2 password xsr2 ppp multilink Dialer Int. PRI to BRI with D-channel-callbackremote2-site Isdn config for BRIx/x Isdn switch type changing Isdn callback Dialer caller 112233 callback dialer remote-name XSR-RemoteDialer-group Isdn multilink / Isnd channel bundling PPPoE on Adsl interface with chap authentication AAA Authentication Authorization Accounting Radius Syslog function, Server local-buffer Ip ssh server disable Ip telnet server disableSSH / Telnet Logging Snmp Medium Snmp configuration /contact/location/parameter Snmp v1/v2/v3 Router-1 XSR-18051config#aaa user XSR-18051config-aaa#password XSR0r1 VPN Ipsec site-to-site tunnel via pre-shared key Ip route 80.80.80.0 255.255.255.0 Router-2 XSR-18052config#aaa user XSR-18052config-aaa#password XSR0r2 VPN Ipsec site-to-site tunnel via pre-shared key Ip route 10.10.10.0 255.255.255.0 VPN Ipsec site-to-site tunnel certification PKI XSR-18051config#crypto ca crl request Enterasys-Networks-CA XSR-18051config#crypto ca identity Enterasys-Networks-CAPassword Re-enter password Request certificate from CA y/n ? y Certification control / certificates / Crls / CA identity ENTITY-ACTIVE VPN Pptp User termination Pptp encrypt mppe auto XSR-18051config#aaa user XSR-18051config-aaa#password XSR XSR-18052config#aaa user XSR-18052config-aaa#password XSR 5r1 GRE native site-to-site tunnel Version 6.0.0.0, Built Sep 14 2003 5r2 GRE native site-to-site tunnel Diffserv Dscp field addressing Firewall configuration Description InteralnetworkPrivate ip address 10.10.10.1Description internalloopbackPrivate ip address 13.13.13.1 Vlan configuration 802.1q tagged routing Ip address 20.20.20.1Ip address 30.30.30.1 Version 4.0.0.0, Built Mar 26 2003 A1.2 ping & tracerouteVersion 2.02, Built Feb 24 2003 XSR-1805 uptime is 0 days, 2 hours, 23 minutes Physical link is currently up Current operational duplex mode is negotiated to fullA1.4 telnet to other routers Current operational speed is negotiated to 100 Mb/s A1.5 flash/ cflash/ dir, rename, copy commands A1.6 verify the flash file checksum B1.0 show ip route B1.1 show ip arp C1.2 show crypto ipsec sa C1.0 show tunnelsC1.1 show crypto isakmp sa C1.3 show crypto map C1.6 show crypto ipsec sa / GRE via Ipsec C1.4 show tunnels / GRE via IpsecC1.5 show interface vpn / GRE via Ipsec C1.7 show ip route / GRE via Ipsec D1.1 show ip interface atm 1/0.1 D1.2 show controllers atm 1/0MTU is 1492 bytes D1.3 show controllers atm 1/0.1 VPI/VCI 1/32 D1.4 show interface atm 1/0 ATM 1/0 is Admin Up / Oper UpAdministrative State is Enabled Operational State is UP IfLastChange 001609 State Opened ATM 1/0.1 is Admin Up / Oper UpD1.5 show interface atm 1/0.1 PPPoE is Oper Up D1.6 show ppp interface atm 1/0.1 ATM 1/0.1 PPP is Admin Up / Oper UpChap authentication success with Current State Getting Help