Firewall Sample Configuration, IPoA – Enterasys Networks XSR-3020 User Manual

Page 56


Firewall Sample Configuration

3-12 Software Configuration

The commands below configure the ATM interface and sub-interface with a negotiated IP
address and a CHAP username and password, and disable keepalives.

XSR(config)#interface ATM 0
XSR(config-if<ATM0/0>)#no shutdown
XSR(config-if<ATM0/0>)#interface ATM 0.1
XSR(config-if<ATM0/0.1>)#no shutdown
XSR(config-if<ATM0/0.1>)#encapsulation snap pppoa
XSR(config-if<ATM0/0.1>)#ip address negotiated
XSR(config-if<ATM0/0.1>)#ip mtu 1492
XSR(config-if<ATM0/0.1>)#ip tcp adjust-mss 1400
XSR(config-if<ATM0/0.1>)#ppp chap hostname red password sox
XSR(config-if<ATM0/0.1>)#no ppp keepalive

IPoA

Enter the following commands to configure an IPoA topology:

XSR(config)#interface ATM 0
XSR(config-if<ATM0/0>)#no shutdown
XSR(config-if<ATM0/0>)#interface ATM 0.1
XSR(config-if<ATM0/0.1>)#encapsulation snap ipoa
XSR(config-if<ATM0/0.1>)#ip address 192.168.1.1 255.255.255.0
XSR(config-if<ATM0/0.1>)#ip mtu 1492
XSR(config-if<ATM0/0.1>)#exit
XSR(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.10
XSR(config)#ip route 30.0.0.10 255.255.255.255 ATM 0.1
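
The following audit script is an added example, not part of the Enterasys manual. It parses command transcripts in the prompt-prefixed form shown above and reports three things: an adjust-mss value that does not fit the interface MTU, a CHAP secret typed inline, and a static route whose next hop is covered neither by a connected subnet nor by a route that names an interface (the role the 30.0.0.10 host route plays in the IPoA example). The function names, the 40-byte header allowance and the sample string are assumptions made for this example.

```python
import ipaddress
import re

PROMPT = re.compile(r"^XSR\(config(?:-if<[^>]+>)?\)#\s*(.*)$")
IP_TCP_HEADERS = 40  # assumption: IPv4 + TCP headers, no options

def parse(transcript):
    """Collect per-interface settings and static routes from prompt-prefixed lines."""
    ifaces, routes, cur = {}, [], None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        w = m.group(1).split() if m else []
        if w[:2] == ["interface", "ATM"]:
            cur = "ATM " + w[2]
            ifaces.setdefault(cur, {})
        elif w[:1] == ["exit"]:
            cur = None
        elif w[:2] == ["ip", "route"]:
            routes.append((ipaddress.ip_network(f"{w[2]}/{w[3]}"), " ".join(w[4:])))
        elif cur and w[:2] == ["ip", "mtu"]:
            ifaces[cur]["mtu"] = int(w[2])
        elif cur and w[:3] == ["ip", "tcp", "adjust-mss"]:
            ifaces[cur]["mss"] = int(w[3])
        elif cur and w[:2] == ["ip", "address"] and len(w) == 4:  # skips "negotiated"
            ifaces[cur]["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif cur and w[:2] == ["ppp", "chap"] and "password" in w:
            ifaces[cur]["chap_secret"] = True
    return ifaces, routes

def audit(transcript):
    """Return findings: oversized MSS, inline CHAP secret, unreachable next hops."""
    ifaces, routes = parse(transcript)
    findings = []
    for name, s in ifaces.items():
        if "mss" in s and "mtu" in s and s["mss"] > s["mtu"] - IP_TCP_HEADERS:
            findings.append(f"{name}: adjust-mss {s['mss']} does not fit mtu {s['mtu']}")
        if s.get("chap_secret"):
            findings.append(f"{name}: CHAP secret is inline; handle this text as sensitive")
    # A next hop resolves via a connected subnet or a route that names an interface.
    reachable = [s["net"] for s in ifaces.values() if "net" in s]
    reachable += [net for net, target in routes if target in ifaces]
    for net, target in routes:
        if target not in ifaces and not any(ipaddress.ip_address(target) in r for r in reachable):
            findings.append(f"route {net}: next hop {target} is not reachable")
    return findings

# Constructed sample: the page's IPoA routes with the ATM 0.1 host route left out.
SAMPLE = ("XSR(config)#interface ATM 0.1\nXSR(config-if<ATM0/0.1>)#ip address 192.168.1.1 255.255.255.0\n"
          "XSR(config-if<ATM0/0.1>)#exit\nXSR(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.10")
```

Calling `audit(SAMPLE)` reports the default route's next hop as unreachable, while the page's full IPoA listing produces no findings and the PPPoA listing produces only the inline CHAP secret finding.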

Firewall Sample Configuration

In this scenario, the XSR acts as a router connecting a branch office to the Internet, as illustrated in
Figure 3-1. The branch office has two servers (Web and Mail) accessible from the external world
and an internal network of hosts which are protected from the external world by the firewall. The
Web and Mail servers are part of the DMZ and considered internal by the XSR. Note that some
commands have been abbreviated.

Note: If you have configured a VPN tunnel and wish to avoid intermittent Web browser problems,
add the crypto ipsec df-bit clear command to your configuration.
