Cisco router configuration | Patton electronic 2800 instruction

OnSite 2800 Series User Manual6 • VPN configuration

ipaddress 200.200.200.2 255.255.255.252 use profile acl VPN_In in

use profile acl VPN_Out out

context ip router

route 0.0.0.0 0.0.0.0 200.200.200.1 0 route 172.16.0.0 255.255.0.0 WAN 0

Cisco router configuration

crypto ipsec transform-set DES esp-des

!

crypto map VPN_DES local-address FastEthernet0/1 crypto map VPN_DES 10 ipsec-manual

set peer 200.200.200.2

set session-key inbound esp 2222 cipher FEDCBA0987654321 set session-key outbound esp 1111 cipher 1234567890ABCDEF set transform-set DES

match address 110

!

access-list 110 permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255

!

interface FastEthernet0/0

ip address 172.16.1.1 255.255.0.0

!

interface FastEthernet0/1

ip address 200.200.200.1 255.255.255.252 crypto map VPN_DES

!

ip route 192.168.1.0 255.255.255.0 FastEthernet0/1

IPsec tunnel, AES encryption at 256 bit key length, AH authentication with HMAC- SHA1-96

OnSite configuration

profile ipsec-transform AES_SHA1 esp-encryption aes-cbc 256 ah-authentication hmac-sha1-96

profile ipsec-policy-manual VPN_AES_SHA1 use profile ipsec-transform AES_SHA1

session-key inbound ah-authentication 1234567890ABCDEF1234567890ABCDEF12345678 session-key outbound ah-authentication FEDCBA0987654321FEDCBA0987654321FEDCBA09 session-key inbound esp-encryption

1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF session-key outbound esp-encryption

FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321 spi inbound ah 3333

spi outbound ah 4444 spi inbound esp 5555 spi outbound esp 6666 peer 200.200.200.1 mode tunnel

...

Sample configurations

76

Image 76

Patton electronic 2800 user manual Cisco router configuration

Contents

Managed VPN Router Mailsupport@patton.com Summary Table of Contents Table of Contents Getting started with the OnSite Managed VPN Router VPN configuration LEDs status and monitoring 112 Cabling 124 OnSite 2800 Series factory configuration 132 List of Figures List of Tables Audience About this guideStructure Precautions Impaired functioning Safety when working with electricity General observations Typographical conventions used in this document General conventions Chapter contents General information OnSite Model 2800 Series overview OnSite Managed VPN Router 2805 shown OnSite 2800 Series detailed description OnSite 2800 Series model codes DMZ OnSite 2800 Series power input connectors Model code extensions Ports descriptions OnSite 2800 Series rear-panel ports are described in table Applications overview Corporate multi-function virtual private network Corporate multi-function virtual private network General information Hardware installation Planning the installation Create a network diagram see section Network information on Installation checklist Power source Site logNetwork information IP related information Installing the VPN router Connecting cablesInstalling the Ethernet cable Location and mounting requirements Installing the serial WAN cable Connecting an OnSite 2800 Series device to a hub DCD Hardware installation Rear panel of 2803K/EUI Pins not listed are not used Rear panel of 2803K/UI Connecting to external power source Power connector location on rear panel UI and EUI power supplies automatically adjust to accept an Getting started with the OnSite Managed VPN Router Configure IP address Introduction Configure IP address Power connection and default configurationAll Ethernet interfaces are activated upon power-up Terminal emulation program settings 9600 bps No parity Bit Login Select the context IP mode to configure an IP interfaceStop bit No flow control Changing the IP address Connect the OnSite VPN Router to the network Load configurationRespectively from the host ping Load configuration Serial port configuration Serial port configuration task list Disabling an interface Enabling an interface Example Configuring the serial encapsulation type Configuring the encapsulation for Frame RelayPort Enter Frame Relay mode Configuring the LMI type Configuring the keep-alive interval Entering Frame Relay PVC configuration mode Configuring the PVC encapsulation type Binding the Frame Relay PVC to IP interface Mode PVC Enabling a Frame Relay PVC Disabling a Frame Relay PVC Displaying serial port information CRC Displaying Frame Relay information Dlci Integrated service access Configure the serial interface settings Port Configure the introduced PVCs Check that the Frame Relay settings are correct T1/E1 port configuration T1/E1 port configuration task list Enable/Disable T1/E1 port Mode port e1t1 slot port Configuring T1/E1 port-typeConfiguring T1/E1 clock-mode Configuring T1/E1 line-code Configuring T1/E1 framing Configuring T1/E1 line-build-out T1 onlyConfiguring T1/E1 used-connector E1 only Name prt-e1t1 slot/port# framing Configuring T1/E1 application mode Configuring T1/E1 LOS thresholdConfiguring T1/E1 encapsulation Default short-haul Be used Mode port e1t1 slot port Configuring Channel-Group TimeslotsMode channel-group group-name Configuring Channel-Group Encapsulation Configuring Hdlc CRC-Type Configuring Hdlc EncapsulationT1/E1 Configuration Examples Default no encapsulation Example 1 Frame Relay without a channel-group Example 3 PPP without a channel-group Example 2 Framerelay with a channel-groupExample 4 PPP with a channel-group VPN configuration Authentication Encryption Transport and tunnel modes VPN configuration task listCreating an IPsec transformation profile Procedure To create an IPsec policy profile Creating an IPsec policy profile Nodecfg#profile ipsec-policy-man Creating/modifying an outgoing ACL profile for IPsec Configuration of an IP interface and the IP router for IPsec Displaying IPsec configuration information Example Display IPsec transformation profiles Example Display IPsec policy profilesDebugging IPsec Example IPsec Debug Output OnSite configuration Sample configurationsIPsec tunnel, DES encryption Cisco router configuration Cisco router configuration VPN configuration Access control list configuration What access lists do About access control listsWhy you should configure access lists When to configure access lists Features of access control lists Access control list configuration task list Mapping out the goals of the access control list Nodepf-acl name#permit ip src src-wildcard any Where the syntax is Src-wildcard Nodepf-acl name#permit icmp src src-wildcard any Type type type type code code cos groupNodepf-acl name#deny icmp src src-wildcard Any host src dest dest-wildcard any host dest Where the syntax is as following Msg name Nodepf-acl name#permit tcp udp sctp src src-wild Card any host src eq port gt port lt port rangePort lt port range from to cos group cos-rtp group Nodepf-acl name#deny tcp udp sctp src src Group-data Where the syntax is Displaying an access control list profile Unbind an access control list profile from an interfaceDebugging an access control list profile Control list profile shall be debugged Examples Denying a specific subnet Link scheduler configuration Configuring access control lists Using traffic classes Configuring quality of service QoSApplying scheduling at the bottleneck Introduction to Scheduling Weighted fair queuing WFQPriority Burst tolerant shaping or wfq ShapingHierarchy Quick references Setting the modem rateSome explanations Link scheduler configuration task list Command cross reference Defining the access control list profile Packet classification Creating an access control list Scenario with Web server regarded as a single source host Creating a service policy profile Nodecfg#profile acl nameNodepf-acl name#permit ip host ip-address any traffic-class Nodepf-acl name#permit ip any any Structure of a Service-Policy Profile Defining fair queuing weight Specifying the handling of traffic-classes Specifying the type-of-service TOS field Defining the bit-rateDefining absolute priority Defining the maximum queue length Specifying differentiated services codepoint Dscp marking Specifying the precedence fieldNodesrc name#set ip tos value Nodesrc name#set ip precedence value Nodesrc name#set ip dscp value Specifying layer 2 markingNodesrc name#set layer2 cos value Discarding Excess Load Defining random early detectionNodesrc name#random-detect burst-tolerance Nodeif-ip if-name#use profile service Devoting the service policy profile to an interfacePolicy name in out Displaying link arbitration status Enable statistics gatheringDisplaying link scheduling profile information Values defining detail of the queuing statistics LEDs status and monitoring Status LEDs Contacting Patton for assistance Contact information Warranty coveragePatton Support Headquarters in the USA Out-of-warranty service Returns for creditReturn for credit policy RMA numbers Appendix a Compliance information Safety ComplianceRadio and TV Interference FCC Part CE Declaration of Conformity FCC Part 68 Acta Statement Model 2803 only Authorized European RepresentativeIndustry Canada Notice Model 2803 only Appendix B Specifications Ethernet interfaces Sync serial interfaceT1/E1 interface Model 2803 only PPP support IP services DimensionsManagement Operating environment Internal power supply 100-240 VAC, 50/60 Hz, 200 mA Power supplyInternal AC version Appendix C Cabling Connecting a serial terminal Serial console Ethernet 10Base-T and 100Base-T Ethernet cross-over Ethernet straight-through Appendix D Port pin-outs Console port, RJ-45, EIA-561 RS-232 EIA-561 RJ-45 8-pin port RS-232 Console Port Ethernet 10Base-T and 100Base-T port Sync serial portEthernet ports are auto-detect MDI-X Serial port 21 Female DB-15 connector Appendix E OnSite 2800 Series factory configuration OnSite 2800 Series factory configuration Appendix F Installation checklist Installation checklist