Enterasys X-Pedition XSR-1805 Getting Started Manual page 72

Security router

VPN Sample Configuration with NEM, EZ-IPSec & Internet Access
XSR(config)#ip local pool virtual_subnet 10.10.10.0 255.255.255.248
Configure AAA authentication: assign the virtual subnet to the DEFAULT AAA group,
associate the group with DNS and WINS servers, and add two AAA users with passwords.
When a remote XSR tunnels into the local XSR, it is assigned these DNS, WINS and PPTP
values and is dynamically assigned an address from the IP pool virtual_subnet. Users not
added to a specific group are automatically assigned to the DEFAULT group, and groups must
be created before users can be added to them. Remember to create the same users and
passwords on the remote XSRs.
XSR(ip-local-pool)#aaa group DEFAULT
XSR(aaa-group)#ip pool virtual_subnet
Configure DNS and WINS parameters:
XSR(aaa-group)#dns server primary 172.16.10.10
XSR(aaa-group)#dns server secondary 172.16.10.11
XSR(aaa-group)#wins server primary 172.16.10.10
XSR(aaa-group)#wins server secondary 172.16.10.11
Create user(s), specify an IP from virtual subnet, and assign a password:
XSR(config)#aaa user nem-test
XSR(config)#password welcome
XSR(config)#aaa user jeffb
XSR(config)#password welcome
Check to make sure the transforms and proposals were created properly:
XSR#show crypto ipsec transform-set
Name                     PFS       ESP   ESP-AH    AH    IPCOMP
----                     ---       ---   ------    --    ------
*ez-esp-3des-sha-pfs     Modp768   3DES  HMAC-SHA  None  None
*ez-esp-3des-sha-no-pfs  Disabled  3DES  HMAC-SHA  None  None
*ez-esp-3des-md5-pfs     Modp768   3DES  HMAC-MD5  None  None
*ez-esp-3des-md5-no-pfs  Disabled  3DES  HMAC-MD5  None  None
*ez-esp-aes-sha-pfs      Modp768   AES   HMAC-SHA  None  None
*ez-esp-aes-sha-no-pfs   Disabled  AES   HMAC-SHA  None  None
*ez-esp-aes-md5-pfs      Modp768   AES   HMAC-MD5  None  None
*ez-esp-aes-md5-no-pfs   Disabled  AES   HMAC-MD5  None  None
!
XSR#show crypto isakmp proposal
Name                  Authentication  Encrypt  Integrity  Group     Lifetime
----                  --------------  -------  ---------  -----     --------
*ez-ike-3des-sha-psk  PreSharedKeys   3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-psk  PreSharedKeys   3DES     HMAC-MD5   Modp1024  28800
*ez-ike-3des-sha-rsa  RSASignature    3DES     HMAC-SHA   Modp1024  28800
*ez-ike-3des-md5-rsa  RSASignature    3DES     HMAC-MD5   Modp1024  28800
Create the ISAKMP IKE global peer:
XSR(config)#crypto isakmp peer 0.0.0.0 0.0.0.0
XSR(config)#config-mode gateway
XSR(config)#exchange-mode aggressive
XSR(config)#proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk
Create the ACL for trusted subnet of 1100(s) and virtual subnet of XSR:
XSR(config)#access-list 101 permit ip any 10.11.11.0 0.0.0.255
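An added check, not part of the Enterasys manual: the Python below parses the two show crypto listings and the ISAKMP peer commands from this page and reports which entries use values that an assumed present-day baseline rejects. The WEAK policy table and the function names parse, audit and audit_peer are assumptions of this example.

```python
# Constructed input: rows and commands transcribed from the listings on this page.
TRANSFORM_SETS = """\
Name                    PFS      ESP  ESP-AH   AH   IPCOMP
*ez-esp-3des-sha-pfs    Modp768  3DES HMAC-SHA None None
*ez-esp-3des-sha-no-pfs Disabled 3DES HMAC-SHA None None
*ez-esp-3des-md5-pfs    Modp768  3DES HMAC-MD5 None None
*ez-esp-3des-md5-no-pfs Disabled 3DES HMAC-MD5 None None
*ez-esp-aes-sha-pfs     Modp768  AES  HMAC-SHA None None
*ez-esp-aes-sha-no-pfs  Disabled AES  HMAC-SHA None None
*ez-esp-aes-md5-pfs     Modp768  AES  HMAC-MD5 None None
*ez-esp-aes-md5-no-pfs  Disabled AES  HMAC-MD5 None None
"""
IKE_PROPOSALS = """\
Name                 Authentication Encrypt Integrity Group    Lifetime
*ez-ike-3des-sha-psk PreSharedKeys  3DES    HMAC-SHA  Modp1024 28800
*ez-ike-3des-md5-psk PreSharedKeys  3DES    HMAC-MD5  Modp1024 28800
*ez-ike-3des-sha-rsa RSASignature   3DES    HMAC-SHA  Modp1024 28800
*ez-ike-3des-md5-rsa RSASignature   3DES    HMAC-MD5  Modp1024 28800
"""
PEER = ["crypto isakmp peer 0.0.0.0 0.0.0.0", "config-mode gateway",
        "exchange-mode aggressive", "proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk"]
# Assumed policy (not from the manual); "Disabled" occurs only in the PFS column.
WEAK = {"3DES": "64-bit block cipher", "HMAC-MD5": "MD5-based integrity",
        "Modp768": "768-bit DH group", "Modp1024": "1024-bit DH group",
        "Disabled": "no perfect forward secrecy"}

def parse(listing):
    """Map entry name -> {column: value} for one whitespace-aligned listing."""
    header, *rows = [ln.split() for ln in listing.splitlines() if ln.strip()]
    return {r[0].lstrip("*"): dict(zip(header, r)) for r in rows}

def audit(listing):
    """Map entry name -> findings under WEAK (an empty list means none)."""
    return {n: [f"{c}={v} ({WEAK[v]})" for c, v in row.items() if v in WEAK]
            for n, row in parse(listing).items()}

def audit_peer(peer, proposals):
    """Audit only the proposals a peer stanza offers, plus aggressive mode with PSK."""
    cmds = [c.split() for c in peer]
    offered = next((c[1:] for c in cmds if c[0] == "proposal"), [])
    table, out = parse(proposals), {n: audit(proposals)[n] for n in offered}
    if ["exchange-mode", "aggressive"] in cmds and any(
            table[n]["Authentication"] == "PreSharedKeys" for n in offered):
        out["exchange-mode"] = ["aggressive mode offered with a pre-shared key"]
    return out

if __name__ == "__main__":
    print(audit(TRANSFORM_SETS), audit_peer(PEER, IKE_PROPOSALS), sep="\n")
```

Under this assumed policy every predefined ez- transform-set and proposal listed on the page produces at least one finding.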
