Enterasys Networks XSR-3150 User Manual

Page 76


VPN Sample Configuration with Network Extension Mode

3-32 Software Configuration

Create the user(s), specify an IP address from the virtual subnet, and assign a password:

XSR(config)#aaa user nem-test
XSR(config)#password welcome
XSR(config)#aaa user jeffb
XSR(config)#password welcome

Check to make sure the transforms and proposals were created properly:

XSR#show crypto ipsec transform-set
Name                    PFS      ESP  ESP-AH   AH   IPCOMP
----                    ---      ---  ------   --   ------
*ez-esp-3des-sha-pfs    Modp768  3DES HMAC-SHA None None
*ez-esp-3des-sha-no-pfs Disabled 3DES HMAC-SHA None None
*ez-esp-3des-md5-pfs    Modp768  3DES HMAC-MD5 None None
*ez-esp-3des-md5-no-pfs Disabled 3DES HMAC-MD5 None None
*ez-esp-aes-sha-pfs     Modp768  AES  HMAC-SHA None None
*ez-esp-aes-sha-no-pfs  Disabled AES  HMAC-SHA None None
*ez-esp-aes-md5-pfs     Modp768  AES  HMAC-MD5 None None
*ez-esp-aes-md5-no-pfs  Disabled AES  HMAC-MD5 None None

XSR#show crypto isakmp proposal
Name Authentication Encrypt Integrity Group Lifetime
---- -------------- ------- --------- ----- --------
*ez-ike-3des-sha-psk PreSharedKeys 3DES HMAC-SHA Modp1024 28800
*ez-ike-3des-md5-psk PreSharedKeys 3DES HMAC-MD5 Modp1024 28800
*ez-ike-3des-sha-rsa RSASignature 3DES HMAC-SHA Modp1024 28800
*ez-ike-3des-md5-rsa RSASignature 3DES HMAC-MD5 Modp1024 28800

Create the ISAKMP IKE global peer:

XSR#crypto isakmp peer 0.0.0.0 0.0.0.0
XSR#config-mode gateway
XSR#exchange-mode aggressive
XSR#proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk

Create the ACLs for the trusted subnet of the XSR and the virtual subnet of the XSR:

XSR(config)#access-list 101 permit ip any 10.11.11.0 0.0.0.255
XSR(config)#access-list 102 permit ip any 10.12.12.0 0.0.0.255
XSR(config)#access-list 103 permit ip any 10.10.10.0 0.0.0.255

Create a crypto map statement for each ACL entry; the more protective tunnel mode is set by
default. The match statements make the associated ACLs bidirectional:

XSR(config)#crypto map test 101
XSR(config)#set transform-set ez-esp-3des-sha-pfs
XSR(config)#match address 101

XSR(config)#crypto map test 102
XSR(config)#set transform-set ez-esp-3des-sha-pfs
XSR(config)#match address 102

XSR(config)#crypto map test 103
XSR(config)#set transform-set ez-esp-3des-sha-pfs
XSR(config)#match address 103
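
The "check to make sure the transforms and proposals were created properly" step can be scripted. The following is an added example, not part of the Enterasys manual: it parses pasted `show crypto` output, confirms that the names referenced by the peer and crypto map commands exist, and flags their parameters against a reviewer policy. The `WEAK` table, the function names and the sample text layout are assumptions of this example.

```python
# Constructed sample: rows copied from the two "show crypto" listings on this page.
TRANSFORMS = """\
Name PFS ESP ESP-AH AH IPCOMP
*ez-esp-3des-sha-pfs Modp768 3DES HMAC-SHA None None
*ez-esp-3des-md5-no-pfs Disabled 3DES HMAC-MD5 None None
*ez-esp-aes-sha-pfs Modp768 AES HMAC-SHA None None
"""
PROPOSALS = """\
*ez-ike-3des-sha-psk PreSharedKeys 3DES HMAC-SHA Modp1024 28800
*ez-ike-3des-md5-psk PreSharedKeys 3DES HMAC-MD5 Modp1024 28800
"""
# Names referenced by the peer and crypto map commands on this page.
USED_TRANSFORMS = ["ez-esp-3des-sha-pfs"]
USED_PROPOSALS = ["ez-ike-3des-sha-psk", "ez-ike-3des-md5-psk"]

# Reviewer policy: an assumption of this example, not XSR behaviour.
WEAK = {"3DES": "64-bit block cipher", "HMAC-MD5": "MD5-based integrity",
        "Modp768": "768-bit DH group", "Modp1024": "1024-bit DH group",
        "Disabled": "PFS off"}

def parse(text, columns):
    """Return {name: {column: value}} for each data row of a listing."""
    rows = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(columns) + 1 or fields[0] == "Name" or fields[0].startswith("-"):
            continue  # header, rule, blank or truncated line
        rows[fields[0].lstrip("*")] = dict(zip(columns, fields[1:]))
    return rows

def audit(used, rows):
    """Map each referenced name to its findings, or ['missing'] if absent."""
    report = {}
    for name in used:
        if name not in rows:
            report[name] = ["missing"]
        else:
            report[name] = [f"{col}={val}: {WEAK[val]}"
                            for col, val in rows[name].items() if val in WEAK]
    return report

def run():
    t = parse(TRANSFORMS, ["PFS", "ESP", "ESP-AH", "AH", "IPCOMP"])
    p = parse(PROPOSALS, ["Authentication", "Encrypt", "Integrity", "Group", "Lifetime"])
    return audit(USED_TRANSFORMS, t), audit(USED_PROPOSALS, p)

if __name__ == "__main__":
    for section in run():
        print(section)
```

An empty findings list means the referenced entry exists and nothing in it matched the policy table.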
