Enterasys Networks Security Router X-Pedition™ User Manual

Configuration Examples

16-30 Configuring Security on the XSR

XSR(config)#ip route 0.0.0.0 0.0.0.0 141.154.196.93

Define an IP pool for distribution of tunnel addresses to all client types:

XSR(config)#ip local pool test 10.120.70.0 255.255.255.0

Create hosts to resolve hostnames for the certificate servers for CRL retrieval:

XSR(config)#ip host parentca 141.154.196.89
XSR(config)#ip host childca2 141.154.196.81
XSR(config)#ip host childca1 141.154.196.83

Clear the DF bit globally:

XSR(config)#crypto ipsec df-bit clear

Enable the OSPF engine, VPN and FastEthernet 1 interfaces for routing:

XSR(config)#router ospf 1
XSR(config-router)#network 10.120.70.0 0.0.0.255 area 5.5.5.5
XSR(config-router)#network 96.96.96.0 0.0.0.255 area 5.5.5.5

Create a group for NEM and Client mode users:

XSR(config)#aaa group sohoclient
XSR(aaa-group)#dns server primary 10.120.112.220
XSR(aaa-group)#dns server secondary 0.0.0.0
XSR(aaa-group)#wins server primary 10.120.112.220
XSR(aaa-group)#wins server secondary 0.0.0.0
XSR(aaa-group)#ip pool test
XSR(aaa-group)#pptp compression
XSR(aaa-group)#pptp encrypt mppe 128
XSR(aaa-group)#l2tp compression
XSR(aaa-group)#policy vpn

Configure DEFAULT group parameters including DNS and WINS servers, an IP pool, PPTP and
L2TP values, and client VPN permission:

XSR(config)#aaa group DEFAULT
XSR(aaa-group)#dns server primary 0.0.0.0
XSR(aaa-group)#dns server secondary 0.0.0.0
XSR(aaa-group)#wins server primary 0.0.0.0
XSR(aaa-group)#wins server secondary 0.0.0.0
XSR(aaa-group)#ip pool test
XSR(aaa-group)#pptp compression
XSR(aaa-group)#pptp encrypt mppe 128
XSR(aaa-group)#l2tp compression
XSR(aaa-group)#policy vpn

Define a group for remote access XP users including DNS and WINS servers, an IP pool, PPTP and
L2TP values, and client VPN permission:

XSR(config)#aaa group XPusers
XSR(aaa-group)#dns server primary 10.120.112.220
XSR(aaa-group)#dns server secondary 0.0.0.0
XSR(aaa-group)#wins server primary 10.120.112.220
XSR(aaa-group)#wins server secondary 0.0.0.0
XSR(aaa-group)#ip pool test
XSR(aaa-group)#pptp compression
XSR(aaa-group)#pptp encrypt mppe 128
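
A consistency check for the configuration steps on this page, added here as an example (it is not part of the Enterasys manual): it parses prompts and commands as printed, then verifies that every `ip pool` named in an `aaa group` is defined by `ip local pool`, that the pool subnet falls inside an OSPF `network` statement, and that the group carries `policy vpn`. The function names and the rule that every group needs `policy vpn` are assumptions of the example; the sample is constructed from a subset of the lines above.

```python
import ipaddress
import re

# Constructed sample: a subset of the commands shown on this page, prompts kept.
CONFIG = """\
XSR(config)#ip local pool test 10.120.70.0 255.255.255.0
XSR(config)#router ospf 1
XSR(config-router)#network 10.120.70.0 0.0.0.255 area 5.5.5.5
XSR(config)#aaa group DEFAULT
XSR(aaa-group)#ip pool test
XSR(aaa-group)#policy vpn
XSR(config)#aaa group XPusers
XSR(aaa-group)#ip pool test
"""

PROMPT = re.compile(r"^XSR\(([^)]+)\)#\s*(.*)$")

def parse(text):
    """Return (pools, ospf_networks, groups); OSPF wildcard masks parse as host masks."""
    pools, ospf, groups, current = {}, [], {}, None
    for raw in text.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # ignore prose and blank lines between commands
        mode, cmd = m.groups()
        tok = cmd.split()
        if mode == "config" and tok[:3] == ["ip", "local", "pool"] and len(tok) == 6:
            pools[tok[3]] = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
        elif mode == "config-router" and tok[:1] == ["network"] and len(tok) >= 3:
            ospf.append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}"))
        elif mode == "config" and tok[:2] == ["aaa", "group"] and len(tok) == 3:
            current = groups.setdefault(tok[2], [])
        elif mode == "aaa-group" and current is not None:
            current.append(cmd)
    return pools, ospf, groups

def audit(text):
    """Return findings for undefined or unrouted pools and missing 'policy vpn'."""
    pools, ospf, groups = parse(text)
    findings = []
    for name, cmds in groups.items():
        for pool in (c.split()[2] for c in cmds if c.startswith("ip pool ")):
            if pool not in pools:
                findings.append(f"{name}: pool '{pool}' is not defined")
            elif not any(pools[pool].subnet_of(n) for n in ospf):
                findings.append(f"{name}: pool '{pool}' not covered by an OSPF network")
        if "policy vpn" not in cmds:
            findings.append(f"{name}: no 'policy vpn' line")
    return findings
```

Run against the lines visible on this page, `audit` reports XPusers only because the page ends before that group's L2TP and VPN permission lines.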