- Enterasys Security Router User's Guide

Configuration Examples
XSR(aaa-group)#l2tp compression
XSR(aaa-group)#policy vpn
Configure the local AAA method for shared secret tunnels (NEM and client mode tunnels):
XSR(config)#aaa method local
XSR(aaa-method-radius)#group DEFAULT
XSR(aaa-method-radius)#qtimeout 0
Configure the RADIUS AAA method to authenticate remote access users:
XSR(config)#aaa method radius msradius default
XSR(aaa-method-radius)#backup test
XSR(aaa-method-radius)#enable
XSR(aaa-method-radius)#group DEFAULT
XSR(aaa-method-radius)#address ip-address 10.120.112.179
XSR(aaa-method-radius)#key welcome
XSR(aaa-method-radius)#auth-port 1812
XSR(aaa-method-radius)#acct-port 1646
XSR(aaa-method-radius)#attempts 1
XSR(aaa-method-radius)#retransmit 1
XSR(aaa-method-radius)#timeout 5
XSR(aaa-method-radius)#qtimeout 0
Define the Internet as all possible IP addresses:
XSR(config)#ip firewall network internet 1.0.0.0/32 external
Define the public VPN interface (crypto map):
XSR(config)#ip firewall network vpngateway 141.154.196.106 mask 255.255.255.255 internal
Define the private VPN interface (traditionally the FastEthernet 1 interface):
XSR(config)#ip firewall network f1 96.96.96.7 mask 255.255.255.255 internal
Define three trusted networks in the enterprise:
XSR(config)#ip firewall network trusted84 10.120.84.0 mask 255.255.255.0 internal
XSR(config)#ip firewall network trusted96 96.96.96.0 mask 255.255.255.0 internal
XSR(config)#ip firewall network trusted112 10.120.112.0 mask 255.255.255.0 internal
Specify remote trusted networks from NEM and Client mode tunnels:
XSR(config)#ip firewall network remote172 172.16.0.0 mask 255.255.0.0 internal
XSR(config)#ip firewall network remote192 192.168.0.0 mask 255.255.0.0 internal
Define the local pool network used for tunnel IP addresses:
XSR(config)#ip firewall network vsn 10.120.70.0 mask 255.255.255.0 internal
Define two networks to be used by OSPF:
XSR(config)#ip firewall network ospf 224.0.0.5 224.0.0.6 internal
XSR(config)#ip firewall network ssr 96.96.96.1 mask 255.255.255.255 internal
Define the NetSight network management station:
XSR(config)#ip firewall network netsight 10.120.84.3 mask 255.255.255.255 internal
Build two network groups to collect remote and trusted networks into manageable groups:
XSR(config)#ip firewall network-group trusted trusted84 trusted96 trusted112
XSR(config)#ip firewall network-group remote vsn remote172 remote192
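
An offline review of the object definitions above, as an added example (a hypothetical helper script, not part of the XSR guide or the XSR software). It checks that every network-group member is a defined object and lists the named objects whose addresses already fall inside a group's networks. It assumes "address mask M" denotes a subnet and two bare addresses denote a first-last range; lines in any other form are returned unparsed.

```python
import ipaddress

# Object and group lines copied from the configuration above, prompts stripped.
CONFIG = """\
ip firewall network internet 1.0.0.0/32 external
ip firewall network vpngateway 141.154.196.106 mask 255.255.255.255 internal
ip firewall network f1 96.96.96.7 mask 255.255.255.255 internal
ip firewall network trusted84 10.120.84.0 mask 255.255.255.0 internal
ip firewall network trusted96 96.96.96.0 mask 255.255.255.0 internal
ip firewall network trusted112 10.120.112.0 mask 255.255.255.0 internal
ip firewall network remote172 172.16.0.0 mask 255.255.0.0 internal
ip firewall network remote192 192.168.0.0 mask 255.255.0.0 internal
ip firewall network vsn 10.120.70.0 mask 255.255.255.0 internal
ip firewall network ospf 224.0.0.5 224.0.0.6 internal
ip firewall network ssr 96.96.96.1 mask 255.255.255.255 internal
ip firewall network netsight 10.120.84.3 mask 255.255.255.255 internal
ip firewall network-group trusted trusted84 trusted96 trusted112
ip firewall network-group remote vsn remote172 remote192
"""

def parse(config):
    """Return (objects, groups, skipped); objects maps name -> (first, last) address."""
    objects, groups, skipped = {}, {}, []
    for line in config.splitlines():
        tok = line.split("#", 1)[-1].split()  # drop an "XSR(config)#" prompt if present
        if tok[:3] == ["ip", "firewall", "network-group"]:
            groups[tok[3]] = tok[4:]
        elif tok[:3] == ["ip", "firewall", "network"] and len(tok) == 8 and tok[5] == "mask":
            net = ipaddress.ip_network(f"{tok[4]}/{tok[6]}", strict=False)
            objects[tok[3]] = (net[0], net[-1])
        elif tok[:3] == ["ip", "firewall", "network"] and len(tok) == 7:
            objects[tok[3]] = (ipaddress.ip_address(tok[4]), ipaddress.ip_address(tok[5]))
        elif tok:
            skipped.append(line)  # address form outside the two assumed ones
    return objects, groups, skipped

def audit(objects, groups):
    """Return (undefined (group, member) pairs, (object, member, group) containments)."""
    undefined = sorted((g, m) for g, ms in groups.items() for m in ms if m not in objects)
    # An object is "nested" when its whole range lies inside a group member's range.
    nested = sorted((name, m, g) for g, ms in groups.items() for m in ms if m in objects
                    for name, (a, b) in objects.items()
                    if name != m and objects[m][0] <= a and b <= objects[m][1])
    return undefined, nested

if __name__ == "__main__":
    print(audit(*parse(CONFIG)[:2]))
```

For this configuration the audit reports no undefined group members and shows that f1, ssr and netsight are already covered by the trusted group through trusted96 and trusted84.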