Manualshelf

- Enterasys Security Router User's Guide

ManualsBrandsEnterasys Networks ManualsNetwork RouterSecurity Router X-PeditionTM
411412413414415416417418419420
Configuration Examples
16-30 Configuring Security on the XSR
XSR(config)#ip route 0.0.0.0 0.0.0.0 141.154.196.93
Define an IP pool for distribution of tunnel addresses to all client types:
XSR(config)#ip local pool test 10.120.70.0 255.255.255.0
Create hosts to resolve hostnames for the certificate servers for CRL retrieval:
XSR(config)#ip host parentca 141.154.196.89
XSR(config)#ip host childca2 141.154.196.81
XSR(config)#ip host childca1 141.154.196.83
Clear the DF bit globally:
XSR(config)#crypto ipsec df-bit clear
Enable the OSPF engine, VPN and FastEthernet 1 interfaces for routing:
XSR(config)#router ospf 1
XSR(config-router)#network 10.120.70.0 0.0.0.255 area 5.5.5.5
XSR(config-router)#network 96.96.96.0 0.0.0.255 area 5.5.5.5
Create a group for NEM and Client mode users:
XSR(config)#aaa group sohoclient
XSR(aaa-group)#dns server primary 10.120.112.220
XSR(aaa-group)#dns server secondary 0.0.0.0
XSR(aaa-group)#wins server primary 10.120.112.220
XSR(aaa-group)#wins server secondary 0.0.0.0
XSR(aaa-group)#ip pool test
XSR(aaa-group)#pptp compression
XSR(aaa-group)#pptp encrypt mppe 128
XSR(aaa-group)#l2tp compression
XSR(aaa-group)#policy vpn
Configure DEFAULT group parameters including DNS and WINs servers, an IP pool, PPTP and
L2TP values, and client VPN permission:
XSR(config)#aaa group DEFAULT
XSR(aaa-group)#dns server primary 0.0.0.0
XSR(aaa-group)#dns server secondary 0.0.0.0
XSR(aaa-group)#wins server primary 0.0.0.0
XSR(aaa-group)#wins server secondary 0.0.0.0
XSR(aaa-group)#ip pool test
XSR(aaa-group)#pptp compression
XSR(aaa-group)#pptp encrypt mppe 128
XSR(aaa-group)#l2tp compression
XSR(aaa-group)#policy vpn
Define a group for remote access XP users including DNS and WINs servers, an IP pool, PPTP and
L2TP values, and client VPN permission:
XSR(config)#aaa group XPusers
XSR(aaa-group)#dns server primary 10.120.112.220
XSR(aaa-group)#dns server secondary 0.0.0.0
XSR(aaa-group)#wins server primary 10.120.112.220
XSR(aaa-group)#wins server secondary 0.0.0.0
XSR(aaa-group)#ip pool test
XSR(aaa-group)#pptp compression
XSR(aaa-group)#pptp encrypt mppe 128