Helpful Scripts
#
#ISAKMP
# Note: Use Section 1.5 to enable system security and generate an Encryption Key of type GENERAL
# on router A and B
# Two ISAKMP policies are defined here, both hashing with SHA and both using key slot 1:
#   remoffice - peer pinned to 222.222.222.1 (the address Router B assigns to ppp0)
#   roaming1  - pe=any, so the peer address is not pinned
# NOTE(review): both policies reference key=1, so roaming clients and the remote office
# appear to share one pre-shared key. A key recovered from any client configuration would
# then also be valid for the site-to-site peer; confirm whether separate key slots can be used.
create isakmp pol=remoffice pe=222.222.222.1 hashalg=sha key=1
# sendd/setc are presumably the short forms of senddeletes/setcommitbit used in the client example.
set isakmp pol=remoffice sendd=true setc=true
create isakmp pol=roaming1 pe=any hashalg=sha key=1
set isakmp pol=roaming1 sendd=true setc=true sendnotify=on
# XAUTH in server mode is the only per-user check shown for roaming1; with pe=any and a
# shared key, it is what distinguishes one roaming user from another.
set isa pol=roaming1 xauth=server xauthtype=generic
enable isakmp
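Existing Default Gateway Router
Configured to receive RIP. The address of the VPN Gateway Router (192.168.10.1) is configured as the only trusted static RIP neighbour.
Also configure static route for remote office subnet (192.168.20.0), using VPN Gateway Router as next hop.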
Example of VPN Client
# Roaming VPN client: ISAKMP with a pre-shared key plus XAUTH, tunnelling traffic for
# 192.168.10.0/255.255.255.0 to the gateway at 200.200.200.13 over the dialup interface.
# val=1234567890 is a sample key value. The same value has to exist on the gateway, so
# replace it on both ends with a long random value before deployment.
cre enco key=1 type=gen val=1234567890
cre isakmp policy=roaming1 hashalg=sha peer=200.200.200.13 key=1
set isakmp policy=roaming1 senddeletes=on setcommitbit=on
# boblogin/bobpass are sample XAUTH credentials and sit in the configuration in clear text;
# anyone who can read the client's configuration can reuse them.
set isakmp policy=roaming1 xauth=client xauthname=boblogin xauthpass=bobpass
# SA 1: ESP with DES encryption and no ESP hash (hasha=null).
# SA 2: AH in tunnel mode with SHA. Bundle 1 applies both ("1 and 2"), so integrity for the
# tunnel comes from AH only.
# NOTE(review): DES has a 56-bit key and is within reach of brute force; use a stronger
# cipher if the software release and licence provide one (check the encal options).
cre ipsec sas=1 keym=isakmp prot=esp encal=des hasha=null
cre ipsec sas=2 keym=isakmp prot=ah mode=tunnel hasha=sha
cre ipsec bund=1 key=isakmp string="1 and 2"
# Lets local/remote port 500 traffic through unprotected (the Router B script names the
# equivalent policy "isakmp"), so key negotiation is not itself subject to IPsec.
cre ipsec pol=permit int=dialup act=permit lpo=500 rpo=500
cre ipsec poli=roaming1 int=dialup act=ipsec key=isakmp bundle=1 peer=200.200.200.13
set ipsec poli=roaming1 lna=roaming1 rad=192.168.10.0 rmas=255.255.255.0
# Catch-all permit: traffic that matches no earlier policy leaves the dialup interface
# unencrypted (split tunnelling). Presumably policies are matched in creation order, so
# this has to stay last; verify against the IPsec policy documentation.
cre ipsec poli=internet int=dialup act=permit
Router B (Remote Office Router)
# Router B base setup: system name, security-officer account, PPP link and IP addressing.
set system name="Remote Office"
# "set user" and "securedelay=600" appear to be one command wrapped across two lines in
# the printed manual; enter them as a single line. securedelay is presumably a timeout in
# seconds related to security-officer sessions; confirm in the user command reference.
set user
securedelay=600
# Security-officer account (priv=sec). <your password> is a placeholder; the value chosen
# here protects the key and IPsec configuration on this router.
add user=secoff pass=<your password> priv=sec
create ppp=0 over=syn0
# optional set ppp=0 over=syn0 lqr=off echo=on
enable ip
# ppp0 carries the public address 222.222.222.1; eth0 is the 192.168.20.x LAN side.
add ip int=ppp0 ip=222.222.222.1 mask=255.255.255.0
add ip int=eth0 ip=192.168.20.1
# Default route out of ppp0.
add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0
# Firewall policy "main": eth0 is the private side, ppp0 the public side, with enhanced NAT
# from eth0 out through ppp0.
enable firewall
create firewall policy=main
add firewall policy=main int=eth0 type=private
add firewall policy=main int=ppp0 type=public
add firewall poli=main nat=enhanced int=eth0 gblin=ppp0
# Rule 1 admits UDP port 500 (ISAKMP) arriving on ppp0 for 222.222.222.1. The trailing
# "gblpo=500" line appears to be the wrapped end of the same command; enter both as one line.
# NOTE(review): no source restriction is given, so UDP/500 is reachable from any address.
# Router B's only ISAKMP peer is 200.200.200.13, so the rule could be narrowed with
# remoteip= (the option rule 3 is given below); confirm it is accepted on an allow rule.
add firewall poli=main ru=1 ac=allo int=ppp0 prot=udp po=500 ip=222.222.222.1 gblip=222.222.222.1
gblpo=500
# Rule 2: traffic on ppp0 for the LAN range 192.168.20.1-192.168.20.254 is passed without
# NAT (ac=non, presumably short for nonat). enc=ips presumably restricts the rule to packets
# that arrived inside IPsec, which is what keeps it from exposing the LAN; verify before relying on it.
add firewall poli=main ru=2 ac=non int=ppp0 prot=ALL ip=192.168.20.1-192.168.20.254 enc=ips
# Rule 3 for internally initiated VPN traffic to Main Office
# (LAN hosts to 192.168.10.1-192.168.10.254 bypass NAT so the IPsec selectors still match).
add firewall poli=main ru=3 ac=nonat int=eth0 prot=all ip=192.168.20.1-192.168.20.254
set firewall poli=main ru=3 remoteip=192.168.10.1-192.168.10.254
# Router B IPsec: protects 192.168.20.0/255.255.255.0 <-> 192.168.10.0/255.255.255.0 through
# the peer at 200.200.200.13.
# NOTE(review): stacchannels=0 presumably sets the number of software STAC compression
# channels to zero; confirm in the encryption (ENCO) reference.
set enco sw stacchannels=0
# SA 1: ESP with DES and no ESP hash. SA 2: AH in tunnel mode with SHA. Bundle 1 applies both,
# so integrity comes from AH only.
# NOTE(review): DES has a 56-bit key and is within reach of brute force; use a stronger
# cipher on both ends if the software release and licence provide one.
create ipsec sas=1 key=isakmp prot=esp enc=des hasha=null
create ipsec sas=2 key=isakmp prot=ah mode=tunn hasha=sha
create ipsec bund=1 key=isakmp string="1 and 2"
# Port 500 (ISAKMP) traffic on ppp0 is permitted without IPsec so negotiation can take place.
create ipsec pol="isakmp" int=ppp0 ac=permit
set ipsec pol="isakmp" lp=500 rp=500
# isa=mainoffice ties this IPsec policy to the ISAKMP policy of the same name.
create ips pol=mainoffice int=ppp0 act=ipsec key=isakmp bund=1 peer=200.200.200.13 isa=mainoffice
set ips pol=mainoffice lad=192.168.20.0 lmask=255.255.255.0 rad=192.168.10.0 rmask=255.255.255.0
# Catch-all permit: anything not matched above leaves ppp0 unencrypted, so only traffic for
# 192.168.10.0 is tunnelled. Presumably policies are matched in creation order; keep this last.
create ipsec pol="internet" int=ppp0 ac=permit
enable ipsec
#
#ISAKMP
# Note: Use Section 1.5 to enable system security and generate an Encryption Key of type GENERAL
# on router A and B
# Router B negotiates only with 200.200.200.13, using SHA and the pre-shared key in slot 1.
create isakmp pol=mainoffice peer=200.200.200.13 hashalg=sha key=1
set isakmp pol=mainoffice sendd=true setc=true sendnotify=on
# XAUTH client credentials are stored in the configuration in clear text. In this sample the
# password equals the user name (remoffice/remoffice); replace it with a distinct, strong
# value that matches the account on the XAUTH server side.
set isa pol=mainoffice xauth=client xauthname=remoffice xauthpass=remoffice
enable isakmp
Helpful Scripts
Revision 5.8.7; 5 April 2001
The address of the VPN Gateway Router (192.168.10.1) is configured as
Also configure static route for remote office subnet