Ipsec Client Option For Example 6.3 - Allied Telesis AR Router Configuration


Helpful Scripts
Router B
# Router B (remote office): system name, security-officer account, WAN link and IP addressing.
set sys name=remoffice
# NOTE(review): "set user" and "securedelay=600" appear to be one command wrapped by the
# page layout; enter them as a single line. securedelay is presumably the timeout (in
# seconds) for security-officer sessions - confirm against the command reference.
set user
securedelay=600
# Account with security-officer privilege (priv=sec). <your password> is a placeholder:
# substitute a strong, unique password and keep it out of any shared copy of this script.
add user=secoff pass=<your password> priv=sec
# PPP interface 0 is carried over port syn0; it becomes the public side in the firewall policy.
create ppp=0 over=syn0
enable ip
# eth0 = private LAN (192.168.20.x), ppp0 = public address used as the IPsec tunnel endpoint.
add ip int=eth0 ip=192.168.20.1
add ip int=ppp0 ip=222.222.222.1
# Default route: everything not locally connected leaves through ppp0.
add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0
# Firewall
# To enable outgoing ping see example 5.1.1
enable firewall
create firewall policy="main"
# eth0 is declared the private (trusted) interface and ppp0 the public (untrusted) one.
add firewall policy="main" int=eth0 type=private
add firewall policy="main" int=ppp0 type=public
# Enhanced NAT for traffic from eth0, using ppp0 as the global interface.
add firewall poli="main" nat=enhanced int=eth0 gblin=ppp0
# Rule 1 allows inbound UDP port 500 (ISAKMP) on ppp0 to the router's own public address.
# "gblp=500" on the following line is the tail of this command, wrapped by the page layout.
# NOTE(review): rule 1 carries no rem= restriction, so port 500 is reachable from any source.
# Rule 3 below shows that rules accept rem=; consider limiting rule 1 to the ISAKMP
# peer (200.200.200.1) - confirm this suits the deployment.
add firewall poli="main" ru=1 ac=allo int=ppp0 prot=udp po=500 ip=222.222.222.1 gblip=222.222.222.1
gblp=500
# Rule 2: traffic arriving on ppp0 for the LAN range that was IPsec-encapsulated (enc=ips)
# is passed without NAT (ac=non). Presumably only traffic that actually arrived inside the
# tunnel matches - confirm against the firewall reference.
add firewall poli="main" ru=2 ac=non int=ppp0 prot=ALL ip=192.168.20.1-192.168.20.254 enc=ips
# Rule 3 for internally initiated VPN traffic to Head Office
# LAN traffic to 192.168.10.1-254 is exempted from NAT (ac=non), presumably so the private
# source addresses still match the lad/rad selectors of the "remoffice" IPsec policy.
add firewall poli="main" ru=3 ac=non int=eth0 prot=ALL ip=192.168.20.1-192.168.20.254
set firewall poli="main" ru=3 rem=192.168.10.1-192.168.10.254
# IPsec: SA specifications, bundle and policies for the tunnel to Head Office.
# NOTE(review): stacchannels=0 presumably sets the number of software STAC compression
# channels to zero - confirm against the ENCO command reference.
set enco sw stacchannels=0
# SA spec 1: ESP with DES encryption and no ESP authentication (hasha=null).
# NOTE(review): DES uses a 56-bit key and is no longer considered adequate protection.
# Where the installed release and licence offer a stronger encalg, use it; both ends of
# the tunnel must be configured with the same algorithm.
create ipsec sas=1 key=isakmp prot=esp enc=des hasha=null
# SA spec 2: AH in tunnel mode with SHA (presumably SHA-1, given the 2001 revision date).
create ipsec sas=2 key=isakmp mode=tunnel prot=ah hasha=sha
# Bundle 1 applies SA specs 1 and 2 together. Integrity for the bundle therefore depends
# on the AH spec, since the ESP spec has hasha=null; do not drop spec 2 from the string.
create ipsec bund=1 key=isakmp string="1 and 2"
# Policy "isakmp": UDP 500 <-> 500 on ppp0 is permitted without IPsec processing so that
# key negotiation itself can take place.
create ipsec pol=isakmp int=ppp0 act=permit lpo=500 rpo=500
# Policy "remoffice": traffic between 192.168.20.0/255.255.255.0 (local) and
# 192.168.10.0/255.255.255.0 (remote) is protected with bundle 1 towards peer 200.200.200.1.
create ipsec pol="remoffice" int=ppp0 ac=ipsec key=isakmp bund=1 peer=200.200.200.1 isa=remoffice
set ipsec pol="remoffice" lad=192.168.20.0 lma=255.255.255.0 rad=192.168.10.0 rmas=255.255.255.0
# Policy "internet": no selectors, action permit - remaining traffic on ppp0 passes in the
# clear. NOTE(review): presumably policies are matched in creation order, so this catch-all
# must stay last; anything that fails to match "remoffice" is sent unencrypted - verify.
create ipsec pol="internet" int=ppp0 ac=permit
enable ipsec
# ISAKMP
# Note: Use Section 1.5 to enable system security and generate an Encryption Key of type GENERAL on
# routers A and B
# key=1 refers to that GENERAL key, used here as the shared ISAKMP secret with peer
# 200.200.200.1. The same key value has to be present on both routers; transfer it over a
# trusted channel and do not store it alongside this script.
create isakmp pol=remoffice hashalg=sha pe=200.200.200.1 key=1
# sendd / setc / sendnotify correspond to senddeletes / setcommitbit / sendnotify, which are
# spelled out in full in the client configuration on this page.
set isakmp pol=remoffice sendd=true setc=true sendnotify=on
enable isakmp

6.3.1. IPSec Client option for Example 6.3

IPSec Client Configuration for User "Roaming1"
#
# ISAKMP
# This example uses the same network key for all ISAKMP exchanges
# NOTE(review): with one key shared by every peer and client, loss of a single client
# device exposes the key for all of them. Plan for key replacement, and consider the
# optional xauth line below to add per-user authentication.
# The text in angle brackets is a placeholder for the actual key value.
create enco key=1 type=gen val=<network key for ISAKMP Excahnge>
create isa pol=roaming1 peer=200.200.200.1 hashalg=sha key=1
set isa pol=roaming1 senddeletes=on setcommitbit=on sendnotify=on
# Optional line for authentication of user "Roaming1" to be done at the Head Office
# NOTE(review): boblogin / bobpass are sample values. If this line is enabled, the user's
# password sits in the client configuration in clear text; restrict access to that file.
#set isakmp policy=roaming1 xauth=client xauthname=boblogin xauthpass=bobpass
#
# IPSec
# Includes VPN client configuration for user "Roaming1"
# SA spec 1: ESP with DES, no ESP authentication - the same parameters as Router B.
# NOTE(review): DES (56-bit key) is no longer considered adequate; if a stronger encalg
# is available, change it here and on the Head Office side together.
create ips sas=1 prot=esp hasha=null encalg=des keym=isakmp
# SA spec 2: AH in tunnel mode with SHA; the bundle relies on it for integrity.
create ips sas=2 prot=ah mode=tunn hasha=sha keym=isakmp
create ips bundle=1 keym=isakmp string="1 and 2"
# ISAKMP negotiation (UDP 500 <-> 500) on the dial-up interface bypasses IPsec.
create ips pol=isakmp int=dialup act=permit lpo=500 rpo=500
# Traffic to 192.168.10.0/255.255.255.0 is protected with bundle 1 towards 200.200.200.1.
# lname=roaming1 is presumably the local identity presented to Head Office - confirm.
create ips pol=roaming1 int=dialup act=ipsec key=isakmp bund=1 peer=200.200.200.1
set ips pol=roaming1 rad=192.168.10.0 rma=255.255.255.0 lname=roaming1
# Catch-all permit: all other traffic from the client leaves unencrypted, so while the VPN
# is up the client is also directly reachable from the dial-up network.
create ips pol=internet int=dialup act=permit
Helpful Scripts
Revision 5.8.7; 5 April 2001
Page
32
