ProCurve VPN Client and ProCurve Secure Router 7000dl Series - Application Note

The “Secure Site” ProCurve 7000dl series router configuration used in the sample
network is listed below:
!
hostname "SecureSiteRouter"
no enable password
!
ip subnet-zero
ip classless
ip routing
!
event-history on
no logging forwarding
no logging email
logging email priority-level info
!
!
ip firewall
!
!
!
!
!
!
ip crypto
!
crypto ike client configuration pool vpn_users
ip-range 10.24.44.1 10.24.44.5
dns-server 10.24.3.10
netbios-name-server 192.168.100.4
!
crypto ike policy 10
no initiate
respond anymode
peer any
client configuration pool vpn_users
attribute 10
encryption 3des
authentication pre-share
lifetime 600
!
crypto ike remote-id fqdn remote.com preshared-key ProCurve_Networking
!
crypto ipsec transform-set highly_secure esp-3des esp-sha-hmac
mode tunnel
!
crypto map corporate_vpn 1 ipsec-ike
match address vpn_traffic
set transform-set highly_secure
set security-association lifetime seconds 1800
!
interface eth 0/1
ip address 10.24.25.1 255.255.255.0
no shutdown
!
interface eth 0/2
no ip address
shutdown
!
!
interface t1 1/1
clock source line
tdm-group 1 timeslots 1-24 speed 64
no shutdown
!
interface t1 1/2
clock source through
shutdown
!
interface ppp 1
ip address 172.16.1.1 255.255.255.0
access-policy UNTRUSTED
crypto map corporate_vpn
peer default ip address 172.16.1.2
no shutdown
bind 1 t1 1/1 1 ppp 1
!
!
ip access-list standard MATCHALL
permit any
!
ip access-list extended VPN_to_LAN
permit ip 10.24.44.0 0.0.0.255 10.24.25.0 0.0.0.255
!
ip access-list extended vpn_traffic
permit ip 10.24.25.0 0.0.0.255 10.24.44.0 0.0.0.255
!
ip policy-class TRUSTED
allow list vpn_traffic
nat source list MATCHALL interface ppp 1 overload
!
ip policy-class UNTRUSTED
allow list VPN_to_LAN
discard list MATCHALL
!
ip route 192.168.100.0 255.255.255.0 ppp 1
!
no ip tftp server
ip http server
ip http secure-server
ip snmp agent
no ip ftp agent
!
line con 0
login local-userlist
!
line telnet 0 4
login local-userlist
password pnb
!
end
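
An added example, not part of the original application note or of any ProCurve tooling: a small Python check that rejoins commands the printed listing wraps across two lines and flags the management and IKE settings a reviewer would revisit before reusing this sample configuration. The rule names, the notes and the unwrap heuristic are assumptions made for this illustration.

```python
import re

# Constructed sample: lines copied from the listing above, including one
# command that the printed page wraps across two lines.
SAMPLE = """\
no enable password
respond anymode
peer any
encryption 3des
crypto ike remote-id fqdn remote.com preshared-key
ProCurve_Networking
ip http server
ip http secure-server
line telnet 0 4
password pnb
"""

# Rule notes are a reviewer's reading of the keywords (an assumption),
# not vendor documentation.
RULES = [
    ("no-enable-password", r"^no enable password$", "no password on privileged mode"),
    ("ike-respond-anymode", r"^respond anymode$", "responder not limited to one IKE mode"),
    ("ike-peer-any", r"^peer any$", "IKE policy accepts any peer address"),
    ("ike-3des", r"^encryption 3des$", "3DES is a deprecated cipher"),
    ("psk-in-listing", r"\bpreshared-key \S+", "pre-shared key readable in the config"),
    ("http-server", r"^ip http server$", "HTTP enabled next to the HTTPS server"),
    ("telnet-line", r"^line telnet\b", "Telnet carries logins in clear text"),
    ("line-password", r"^password \S+", "line password readable in the config"),
]

def unwrap(text):
    """Rejoin commands that the printed listing split across two lines."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        # A bare ESP transform or a bare wildcard mask is a continuation.
        cont = re.fullmatch(r"esp-\S+|\d+(\.\d+){3}", line)
        if out and (out[-1].endswith("preshared-key") or cont):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def audit(text):
    """Return (rule_id, command, note) for every rule that matches a command."""
    return [(rid, cmd, note)
            for cmd in unwrap(text)
            for rid, pat, note in RULES
            if re.search(pat, cmd)]
```

Pass the full saved configuration text to audit() to get one tuple per flagged command; commands such as "ip http secure-server" are deliberately not flagged.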