Internal Servers Combined With Ipsec Vpn - 3Com 3C13636 Configuration Manual

Router 3000 ethernet family

Hide thumbs Also See for 3C13636:

Installation manual (27 pages)

Table of Contents

3Com Router 3000 Ethernet Family

Configuration Guide

# Create a bidirectional NAT entry.

[3Com] nat overlapaddress 3 10.0.0.0 3.0.0.0 address-mask 24

# Configure an ACL.

[3Com] acl number 2000

[3Com-acl-basic-2000] rule 0 permit source 10.0.0.0 0.0.0.255

[3Com-acl-basic-2000] rule 1 permit source 10.1.1.0 0.0.0.255

[3Com-acl-basic-2000] quit

# On the WAN interface bind the address pool with the ACL.

[3Com] interface serial0/0/0

[3Com-Serial0/0/0] ip address 192.168.0.1 255.255.255.0

[3Com-Serial0/0/0] nat outbound 2000 address-group 1

# Assign IP addresses to LAN interfaces.

[3Com-Serial0/0/0] interface ethernet 1/0/0

[3Com-Ethernet1/0/0] ip address 10.0.0.3 255.255.255.0

[3Com-Ethernet1/0/0] interface ethernet 3/0/0

[3Com-Ethernet3/0/0] ip address 10.1.1.3 255.255.255.0

[3Com-Ethernet3/0/0] quit

# Configure static routing.

[3Com] ip route-static 3.0.0.0 255.255.255.0 serial0/0/0

[3Com] ip route-static 192.168.1.0 255.255.255.0 serial0/0/0

The IP address of the DNS server is 192.168.0.150/24.

11.5.5 Internal Servers Combined with IPSec VPN

I. Network requirements

The headquarters of a company is connected to the public network through Router 1

and to the branches through IPSec VPNs established over the public network.

All traffic between the headquarters and its branches is protected using IPSec, where

manually-established SAs, the security protocol of ESP, the encryption algorithm of

DES, and the authentication algorithm of SHA1-HMAC-96 are adopted.

At the headquarters, the WWW and FTP servers are located on the 10.110.10.0

segment. Router 1 provides access to these two internal servers, allowing the internal

users to access using private addresses and the external users to access using public

The PCs of the headquarters and branches are located on 10.110.20.0/24 and

10.110.30.0/24 respectively. They use the address translation service provided by

Router 1, accessing the Internet with the public address of interface S1/0/0.

3Com Corporation

Chapter 11 NAT Configuration

Chapters

Table of Contents

Troubleshooting

3c13636-us - router 3036 3000 series

Internal Servers Combined With Ipsec Vpn - 3Com 3C13636 Configuration Manual

11.5.5 Internal Servers Combined with IPSec VPN

Chapters

Troubleshooting

Related Manuals for 3Com 3C13636

Related Content for 3Com 3C13636

This manual is also suitable for:

Table of Contents