Enterasys Networks Security Router X-Pedition™ User Manual

Page 417

Configuration Examples

XSR User’s Guide 16-31

XSR(aaa-group)#l2tp compression
XSR(aaa-group)#policy vpn

Configure the local AAA method for shared secret tunnels (NEM and client mode tunnels):

XSR(config)#aaa method local
XSR(aaa-method-radius)#group DEFAULT
XSR(aaa-method-radius)#qtimeout 0

Configure the RADIUS AAA method to authenticate remote access users:

XSR(config)#aaa method radius msradius default
XSR(aaa-method-radius)#backup test
XSR(aaa-method-radius)#enable
XSR(aaa-method-radius)#group DEFAULT
XSR(aaa-method-radius)#address ip-address 10.120.112.179
XSR(aaa-method-radius)#key welcome
XSR(aaa-method-radius)#auth-port 1812
XSR(aaa-method-radius)#acct-port 1646
XSR(aaa-method-radius)#attempts 1
XSR(aaa-method-radius)#retransmit 1
XSR(aaa-method-radius)#timeout 5
XSR(aaa-method-radius)#qtimeout 0

Define the Internet as all possible IP addresses:

XSR(config)#ip firewall network internet 1.0.0.0/32 external

Define the public VPN interface (crypto map):

XSR(config)#ip firewall network vpngateway 141.154.196.106 mask 255.255.255.255 internal

Define the private VPN interface (traditionally the FastEthernet 1 interface):

XSR(config)#ip firewall network f1 96.96.96.7 mask 255.255.255.255 internal

Define three trusted networks in the enterprise:

XSR(config)#ip firewall network trusted84 10.120.84.0 mask 255.255.255.0 internal
XSR(config)#ip firewall network trusted96 96.96.96.0 mask 255.255.255.0 internal
XSR(config)#ip firewall network trusted112 10.120.112.0 mask 255.255.255.0 internal

Specify remote trusted networks from NEM and Client mode tunnels:

XSR(config)#ip firewall network remote172 172.16.0.0 mask 255.255.0.0 internal
XSR(config)#ip firewall network remote192 192.168.0.0 mask 255.255.0.0 internal

Define the local pool network used for tunnel IP addresses:

XSR(config)#ip firewall network vsn 10.120.70.0 mask 255.255.255.0 internal

Define two networks to be used by OSPF:

XSR(config)#ip firewall network ospf 224.0.0.5 224.0.0.6 internal
XSR(config)#ip firewall network ssr 96.96.96.1 mask 255.255.255.255 internal

Define the NetSight network management station:

XSR(config)#ip firewall network netsight 10.120.84.3 mask 255.255.255.255 internal

Build two network groups to collect remote and trusted networks into manageable groups:

XSR(config)#ip firewall network-group trusted trusted84 trusted96 trusted112
XSR(config)#ip firewall network-group remote vsn remote172 remote192
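
The following is an added example, not part of the Enterasys manual: an offline Python check that parses the network and network-group commands above, reports group members that have no definition or that mix zones, and shows which group a given address falls into. It handles only the "address mask" and "first last" range forms, and the function names are this example's own.

```python
import ipaddress

# Object definitions copied from this page's commands (prompts removed).
SAMPLE = """\
ip firewall network trusted84 10.120.84.0 mask 255.255.255.0 internal
ip firewall network trusted96 96.96.96.0 mask 255.255.255.0 internal
ip firewall network trusted112 10.120.112.0 mask 255.255.255.0 internal
ip firewall network remote172 172.16.0.0 mask 255.255.0.0 internal
ip firewall network remote192 192.168.0.0 mask 255.255.0.0 internal
ip firewall network vsn 10.120.70.0 mask 255.255.255.0 internal
ip firewall network ospf 224.0.0.5 224.0.0.6 internal
ip firewall network-group trusted trusted84 trusted96 trusted112
ip firewall network-group remote vsn remote172 remote192
"""

def parse_objects(text):
    """Return ({name: (first_ip, last_ip, zone)}, {group: [member, ...]})."""
    nets, groups = {}, {}
    for line in text.splitlines():
        tok = line.split("#", 1)[-1].split()   # tolerate an XSR(config)# prompt
        if tok[:3] == ["ip", "firewall", "network-group"]:
            groups[tok[3]] = tok[4:]
        elif tok[:3] == ["ip", "firewall", "network"]:
            name, spec, zone = tok[3], tok[4:-1], tok[-1]
            if len(spec) == 3 and spec[1] == "mask":   # "<address> mask <mask>"
                net = ipaddress.ip_network(f"{spec[0]}/{spec[2]}", strict=False)
                first, last = net[0], net[-1]
            elif len(spec) == 2:                       # "<first> <last>" range
                first, last = (ipaddress.ip_address(a) for a in spec)
            else:
                raise ValueError(f"unrecognised form: {line.strip()}")
            nets[name] = (first, last, zone)
    return nets, groups

def audit(text):
    """List group members with no definition and groups that mix zones."""
    nets, groups = parse_objects(text)
    findings = []
    for group, members in groups.items():
        findings += [f"{group}: {m} is not defined" for m in members if m not in nets]
        if len({nets[m][2] for m in members if m in nets}) > 1:
            findings.append(f"{group}: mixes internal and external objects")
    return findings

def groups_containing(text, address):
    """Names of the network-groups whose member objects cover the address."""
    nets, groups = parse_objects(text)
    ip = ipaddress.ip_address(address)
    hit = {n for n, (first, last, _) in nets.items() if first <= ip <= last}
    return sorted(g for g, members in groups.items() if hit & set(members))
```

Running audit() on a saved copy of the configuration before it is applied catches a mistyped member name, and groups_containing() confirms that the tunnel pool addresses resolve to the remote group rather than the trusted one.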
