Configuration examples, Xsr with vpn - central gateway, Configuration examples -36 – Enterasys Networks Security Router X-PeditionTM User Manual
Page 358: Xsr with vpn - central gateway -36, Configuration, Examples, Xsr with vpn - central, Gateway
Configuration Examples
14-36 Configuring the Virtual Private Network
XSR(config-tms-tunnel)#set peer 200.10.20.30
+
Specifies the IP address of the remote peer
XSR(config-tms-tunnel)#set protocol ipsec network-extension-mode
+
Selects IPSec to initiate a
NEM tunnel connection
Most of the parameters shown below have been automatically entered by EZ-IPSec. Be aware that
they do not appear in the running-config file.
crypto isakmp peer 200.10.20.30/32
proposal ez-ike-3des-sha-psk ez-ike-3des-md5-psk
config-mode client
exchange-mode aggressive
nat-traversal automatic
crypto map ez-ipsec 100
match address 100
set peer 200.10.20.30
mode tunnel
set transform-set ez-esp-3des-sha-pfs ez-esp-3des-md5-pfs
set transform-set ez-esp-aes-sha-pfs ez-esp-aes-md5-pfs
set transform-set ez-esp-3des-sha-no-pfs ez-esp-3des-md5-no-pfs
set transform-set ez-esp-aes-sha-no-pfs ez-esp-aes-md5-no-pfs
crypto map ez-ipsec 101
match address 101
set peer 200.10.20.30
Configuration Examples
XSR with VPN - Central Gateway
In this scenario, as shown in
, a Central VPN gateway is set to perform the following:
•
Terminate NEM and Client mode tunnels
•
Terminate remote access L2TP/IPSec tunnels
•
Terminate PPTP remote access tunnels
•
OSPF routing with the next hop corporate router on the trusted VPN interface
•
DF bit clear on the public VPN interface to handle large non-fragmentable IP frames
•
OSPF routing over the multi-point VPN interface for other site-to-site tunnels
•
Assign the first IP address of the pool to the multi-point VPN interface.
Note: Pre-shared key proposals are used if a user name is supplied with a tunnel. If no user name is
supplied, EZ-IPSec verifies the XSR has one or more valid certificates and it uses RSA signature
authentication.