Enterasys Networks Security Router X-Pedition™ User Manual


Server 1 .......................................................................................................................................... 14-17
Server 2 .......................................................................................................................................... 14-18
Client .............................................................................................................................................. 14-18
Limitations ...................................................................................................................................... 14-18

XSR VPN Features ..................................................................................................................................... 14-18
VPN Configuration Overview ...................................................................................................................... 14-20

Master Encryption Key Generation ...................................................................................................... 14-20
ACL Configuration Rules ...................................................................................................................... 14-21

Configuring ACLs ........................................................................................................................... 14-21

Selecting Policies: IKE/IPSec Transform-Sets ..................................................................................... 14-22

Security Policy Considerations ....................................................................................................... 14-23
Configuring Policy........................................................................................................................... 14-23

Creating Crypto Maps .......................................................................................................................... 14-24

Configuring Crypto Maps................................................................................................................ 14-24

Authentication, Authorization and Accounting Configuration ............................................................... 14-25

AAA Commands ............................................................................................................................. 14-26
Configuring AAA ............................................................................................................................. 14-26

PKI Configuration Options .................................................................................................................... 14-27

Configuring PKI .............................................................................................................................. 14-28

PKI Certificate Enrollment Example ..................................................................................................... 14-28
Interface VPN Options ......................................................................................................................... 14-31

VPN Interface Sub-Commands ...................................................................................................... 14-32

Configuring a Simple VPN Site-to-Site Application .................................................................................... 14-32
Configuring the VPN Using EZ-IPSec ........................................................................................................ 14-34

EZ-IPSec Configuration ....................................................................................................................... 14-35

Configuration Examples ............................................................................................................................. 14-36

XSR with VPN - Central Gateway ........................................................................................................ 14-36
GRE Tunnel for OSPF ......................................................................................................................... 14-40

Tunnel A: XSR-3250 VPN GRE Site-to-Site Tunnel....................................................................... 14-40
Tunnel B: XSR-1805 VPN GRE Site-to-Site Tunnel....................................................................... 14-42

XSR/Cisco Site-to-Site Example .......................................................................................................... 14-44

Cisco Configuration ........................................................................................................................ 14-44
XSR Configuration.......................................................................................................................... 14-45

Interoperability Profile for the XSR ............................................................................................................. 14-46

Scenario 1: Gateway-to-Gateway with Pre-Shared Secrets ................................................................ 14-46
Scenario 2: Gateway-to-Gateway with Certificates .............................................................................. 14-49

Chapter 15: Configuring DHCP

Overview of DHCP ....................................................................................................................................... 15-1
Features ....................................................................................................................................................... 15-1

DHCP Server Standards ........................................................................................................................ 15-2

How DHCP Works ........................................................................................................................................ 15-2
DHCP Services ............................................................................................................................................. 15-3

Persistent Storage of Network Parameters for Clients ........................................................................... 15-3
Temporary or Permanent Network Address Allocation .......................................................................... 15-3

Lease................................................................................................................................................ 15-3

Assigned Network Configuration Values to Clients: Options ................................................................. 15-3
Provisioning Differentiated Network Values by Client Class .................................................................. 15-4
BOOTP Legacy Support ........................................................................................................................ 15-4
Nested Scopes: IP Pool Subsets ........................................................................................................... 15-4
Scope Caveat ......................................................................................................................................... 15-5
Manual Bindings ..................................................................................................................................... 15-5
