• ip multicast-redirect ‐ Redirects multicast traffic, forwarding multicast packets to the unicast address of the remote tunnel endpoint. Refer to page 14‐126 for the command definition.
• ip address ‐ Defines an explicit IP address on this virtual interface. Refer to page 5‐151 for the command description.
• ip nat source ‐ Controls NAT on packets entering this VPN port. Refer to page 5‐186 for the command description.
• ip rip commands ‐ Configures RIP options on the VPN interface. Refer to the "Configuring the Internet Protocol" chapter on page 5‐83 for descriptions of RIP commands.
• ip split-horizon ‐ Sets RIP split‐horizon options on the VPN port. Refer to page 5‐130 for the command description.
• ip unnumbered ‐ Creates an unnumbered VPN interface. Refer to page 5‐166 for the command description.
• service-policy ‐ Attaches a policy map to a VPN output or input interface. Refer to page 14‐127 for the command description.
• tunnel ‐ Creates a tunnel to a VPN gateway. Refer to page 14‐127 for the command description.

Interface VPN Commands

Some VPN configuration properties are associated with a specific network interface or require creation of virtual network interfaces that represent tunnels.

This section defines the VPN‐related subcommands provided by the interface vpn command.

A VPN interface is a special form of a virtual network interface that represents an IPSec tunnel with EZ‐IPSec automatic configuration, L2TP, or PPTP tunnel(s). It is required to support VPN tunnels which have IP addresses. These tunnels should not be confused with tunnel mode in IPSec. A tunnel on a VPN interface has IP addresses at both ends and is used by the routing subsystem like any other network interface.

A VPN interface can be configured as follows:
• interface vpn 4 point-to-point
• interface vpn 3 multi-point

Point‐to‐Point interfaces are used when defining an outbound tunnel to another gateway. This interface type, in conjunction with the tunnel command, is suited to initiating outbound tunnels to other security gateways that support dynamic IP address assignment.

Note: The tunnel command is a sub-command of interface vpn.

Each outbound tunnel is associated with a VPN interface. That interface, which can be configured into the routing protocols, is considered down until the tunnel has connected and an IP address has been obtained from the remote VPN gateway.

Note: Only one tunnel may be defined per point-to-point VPN interface.

Native IPSec tunnels attached to VPN interfaces will not easily
XSR CLI Reference Guide 14-123