Firewall Sample Configuration - Enterasys X-Pedition XSR-1805 Getting Started Manual

Firewall Sample Configuration

XSR(config-if<F1>)#no ip directed-broadcast
XSR(config-if<F1>)#no shutdown
The commands below configure the ATM interface and sub-interface with a negotiated IP address,
CHAP username and password, and bans keepalives.
XSR(config)#interface ATM 0
XSR(config-if<ATM0/0>)#no shutdown
XSR(config-if<ATM0/0.1>)#interface ATM 0.1
XSR(config-if<ATM0/0.1>)#no shutdown
XSR(config-if<ATM0/0.1>)#encapsulation snap pppoa
XSR(config-if<ATM0/0.1>)#ip address negotiated
XSR(config-if<ATM0/0.1>)#ip mtu 1492
XSR(config-if<ATM0/0.1>)#ip tcp adjust-mss 1400
XSR(config-if<ATM0/0.1>)#ppp chap hostname red password sox
XSR(config-if<ATM0/0.1>)#no ppp keepalive
IPoA
Enter the following commands to configure a IPoA topology:
XSR(config)#interface ATM 0
XSR(config-if<ATM0/0>)#no shutdown
XSR(config-if<ATM0/0>)#interface ATM 0.1
XSR(config-if<ATM0/0.1>)#encapsulation snap ipoa
XSR(config-if<ATM0/0.1>)#ip address 192.168.1.1 255.255.255.0
XSR(config-if<ATM0/0.1>)#ip mtu 1492
XSR(config-if<ATM0/0.1>)#exit
XSR(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.10
XSR(config)#ip route 30.0.0.10 255.255.255.255 ATM 0.1
Firewall Sample Configuration
In this scenario, the XSR acts as a router connecting a branch office to the Internet, as illustrated in
Figure
and an internal network of hosts which are protected from the external world by the firewall. The
Web and Mail servers are part of the DMZ and considered internal by the XSR. Note that some
commands have been abbreviated.
3-34 Software Configuration
Note: If you have configured a VPN tunnel and wish to avoid intermittent Web browser problems,
add the crypto ipsec df-bit clear command to your configuration.
3-1. The branch office has two servers (Web and Mail) accessible from the external world