Create A Transform Set; Configure Crypto Maps; Configuring Vpn At Interface Mode And Setting Up Rip - Enterasys X-Pedition XSR-1805 Getting Started Manual

X-pedition security router

Create a Transform Set

The following transform-set specifies the encryption and data-integrity choices, 768-bit
Diffie-Hellman, and an SA lifetime expressed in kilobytes. The SA lifetime in seconds is disabled.
Some commands are abbreviated.
XSR(config)#crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
XSR(cfg-crypto-tran)#set pfs group1
XSR(cfg-crypto-tran)#set security-association lifetime lifetime kilobytes 100000
XSR(cfg-crypto-tran)#no set security-association lifetime lifetime seconds

Configure Crypto Maps

The following IKE policy crypto maps are each linked to the transform-set added earlier, with
matching ACLs, and are set by default for the more stringent tunnel mode. Maps 91 and 92 match
the remote XSRs, and map 90 corresponds to the ANG. Crypto map statements render the
associated ACLs bi-directional.
XSR(config)#crypto map acme 92
XSR(config-crypto-m)#set transform-set esp-3des-sha
XSR(config-crypto-m)#match address 192
XSR(config-crypto-m)#set peer 112.16.244.5
XSR(config)#crypto map acme 91
XSR(config-crypto-m)#set transform-set esp-3des-sha
XSR(config-crypto-m)#match address 191
XSR(config-crypto-m)#set peer 112.16.244.7
XSR(config)#crypto map acme 90
XSR(config-crypto-m)#set transform-set esp-3des-sha
XSR(config-crypto-m)#match address 190
XSR(config-crypto-m)#set peer 112.16.244.9
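
A review check for the transform-set and crypto map commands above, as an added example that is not part of the Enterasys manual: it parses a pasted CLI session, flags the settings a reviewer would question, and reports crypto map entries that lack a transform-set, ACL or peer. The WEAK policy table, the function names and the truncated map 91 in the sample are assumptions made for the illustration.

```python
import re

# The page's transform-set and map 92; map 91 is cut short on purpose (constructed).
SAMPLE = """\
XSR(config)#crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
XSR(cfg-crypto-tran)#set pfs group1
XSR(cfg-crypto-tran)#no set security-association lifetime lifetime seconds
XSR(config)#crypto map acme 92
XSR(config-crypto-m)#set transform-set esp-3des-sha
XSR(config-crypto-m)#match address 192
XSR(config-crypto-m)#set peer 112.16.244.5
XSR(config)#crypto map acme 91
XSR(config-crypto-m)#set transform-set esp-3des-sha
"""

PROMPT = re.compile(r"^\S+?\([^)]*\)#\s*")  # strips e.g. "XSR(config-crypto-m)#"
WEAK = {"esp-3des": "3DES encryption", "group1": "768-bit Diffie-Hellman PFS"}  # assumed policy
FIELDS = {("set", "pfs"): "pfs", ("set", "transform-set"): "tset",
          ("match", "address"): "acl", ("set", "peer"): "peer"}

def parse(text):
    tsets, cmaps, cur = {}, {}, None  # cur = stanza the following sub-commands belong to
    for raw in text.splitlines():
        w = PROMPT.sub("", raw.strip()).split()
        if w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) >= 4:
            cur = tsets[w[3]] = {"transforms": w[4:], "pfs": None, "seconds": True}
        elif w[:2] == ["crypto", "map"] and len(w) == 4:
            cur = cmaps[f"{w[2]} {w[3]}"] = {"tset": None, "acl": None, "peer": None}
        elif cur and w[:1] == ["no"] and w[-1] == "seconds" and "seconds" in cur:
            cur["seconds"] = False  # time-based rekey switched off
        elif cur and len(w) >= 3 and FIELDS.get(tuple(w[:2])) in cur:
            cur[FIELDS[tuple(w[:2])]] = w[2]
    return tsets, cmaps

def audit(text):
    """Return review findings for weak settings and incomplete map entries."""
    (tsets, cmaps), findings = parse(text), []
    for name, ts in tsets.items():
        findings += [f"transform-set {name}: {WEAK[k]} ({k})"
                     for k in ts["transforms"] + [ts["pfs"]] if k in WEAK]
        if not ts["seconds"]:
            findings.append(f"transform-set {name}: time-based SA lifetime disabled")
    for name, cm in cmaps.items():
        missing = [k for k in ("tset", "acl", "peer") if cm[k] is None]
        if missing:
            findings.append(f"crypto map {name}: missing {', '.join(missing)}")
        elif cm["tset"] not in tsets:
            findings.append(f"crypto map {name}: unknown transform-set {cm['tset']}")
    return findings
```

Calling audit(SAMPLE) returns the findings as a list of strings, one per flagged setting or incomplete map entry.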

Configuring VPN at Interface Mode and Setting Up RIP

The following commands configure the LAN physical ports: FastEthernet port 1 is
designated Internal LAN, with the specified IP address/subnet as the designated network.
FastEthernet port 2 is named VPN Cloud, assigned crypto map acme with its associated ACLs, and
directed not to transmit or receive RIP updates. RIP routing and four IP routes are also
configured, as well as a VPN interface for AAA service.
XSR(config)#interface fastethernet 1
XSR(config-if<F1>)#description "Internal LAN"
XSR(config-if<F1>)#no shutdown
XSR(config-if<F1>)#ip address 112.16.1.221 255.255.255.0
XSR(config)#interface fastethernet 2
XSR(config-if<F2>)#crypto map acme
XSR(config-if<F2>)#description "VPN Cloud"
XSR(config-if<F2>)#no shutdown
XSR(config-if<F2>)#ip access-group 101 in
XSR(config-if<F2>)#ip access-group 101 out
XSR(config-if<F2>)#ip address 112.16.244.10 255.255.255.0
VPN Site-to-Site Sample Configuration
XSR Getting Started Guide 3-29
