Enterasys Security Router X-Pedition™ User Manual page 25

Enterasys security router user's guide
Table of Contents

Server 1 .......................................................................................................................................... 14-17
Server 2 .......................................................................................................................................... 14-18
Client .............................................................................................................................................. 14-18
Limitations ...................................................................................................................................... 14-18
XSR VPN Features ..................................................................................................................................... 14-18
VPN Configuration Overview ...................................................................................................................... 14-20
Master Encryption Key Generation ...................................................................................................... 14-20
ACL Configuration Rules ...................................................................................................................... 14-21
Configuring ACLs ........................................................................................................................... 14-21
Selecting Policies: IKE/IPSec Transform-Sets ..................................................................................... 14-22
Security Policy Considerations ....................................................................................................... 14-23
Configuring Policy........................................................................................................................... 14-23
Creating Crypto Maps .......................................................................................................................... 14-24
Configuring Crypto Maps................................................................................................................ 14-24
Authentication, Authorization and Accounting Configuration ............................................................... 14-25
AAA Commands ............................................................................................................................. 14-26
Configuring AAA ............................................................................................................................. 14-26
PKI Configuration Options .................................................................................................................... 14-27
Configuring PKI .............................................................................................................................. 14-28
PKI Certificate Enrollment Example ..................................................................................................... 14-28
Interface VPN Options ......................................................................................................................... 14-31
VPN Interface Sub-Commands ...................................................................................................... 14-32
Configuring a Simple VPN Site-to-Site Application .................................................................................... 14-32
Configuring the VPN Using EZ-IPSec ........................................................................................................ 14-34
EZ-IPSec Configuration ....................................................................................................................... 14-35
Configuration Examples ............................................................................................................................. 14-36
XSR with VPN - Central Gateway ........................................................................................................ 14-36
GRE Tunnel for OSPF ......................................................................................................................... 14-40
Tunnel A: XSR-3250 VPN GRE Site-to-Site Tunnel....................................................................... 14-40
Tunnel B: XSR-1805 VPN GRE Site-to-Site Tunnel....................................................................... 14-42
XSR/Cisco Site-to-Site Example .......................................................................................................... 14-44
Cisco Configuration ........................................................................................................................ 14-44
XSR Configuration.......................................................................................................................... 14-45
Interoperability Profile for the XSR ............................................................................................................. 14-46
Scenario 1: Gateway-to-Gateway with Pre-Shared Secrets ................................................................ 14-46
Scenario 2: Gateway-to-Gateway with Certificates .............................................................................. 14-49
Overview of DHCP ....................................................................................................................................... 15-1
Features ....................................................................................................................................................... 15-1
DHCP Server Standards ........................................................................................................................ 15-2
How DHCP Works ........................................................................................................................................ 15-2
DHCP Services ............................................................................................................................................. 15-3
Persistent Storage of Network Parameters for Clients ........................................................................... 15-3
Temporary or Permanent Network Address Allocation .......................................................................... 15-3
Lease................................................................................................................................................ 15-3
Assigned Network Configuration Values to Clients: Options ................................................................. 15-3
Provisioning Differentiated Network Values by Client Class .................................................................. 15-4
BOOTP Legacy Support ........................................................................................................................ 15-4
Nested Scopes: IP Pool Subsets ........................................................................................................... 15-4
Scope Caveat ......................................................................................................................................... 15-5
Manual Bindings ..................................................................................................................................... 15-5

This manual is also suitable for:

X-pedition xsr
