Router Product Data Sheet

Page 30 | AlliedWare™ OS How To Note: VPNs with SonicWALL routers
How to use the CLI instead of the GUI
This section gives an example of the Allied Telesis CLI commands that you need to enter for
the IP, firewall, IPsec and ISAKMP aspects of this configuration.
# IP configuration
# Turns on IP, addresses the LAN (vlan1) and WAN (eth0) interfaces, and installs
# a default route out of eth0.
enable ip
# LAN address. No mask= is given; presumably the default for this address is /24,
# which is what lmask=255.255.255.0 in the IPsec policy below expects — confirm.
add ip int=vlan1 ip=192.168.1.1
# WAN address on a /30 link. This is a private address while the VPN peer below is
# 200.200.200.1, so the router appears to sit behind a NAT device (hence natt=true
# and the UDP 4500 rules later in this listing).
add ip int=eth0 ip=192.168.254.1 mask=255.255.255.252
# Default route (0.0.0.0/0) via the other end of the /30.
add ip rou=0.0.0.0 mask=0.0.0.0 int=eth0 next=192.168.254.2
# Firewall configuration
# Builds one policy, "guilan", with vlan1 as the private side and eth0 as the
# public side, NATs LAN traffic out of eth0, and opens the two IKE ports.
enable firewall
create firewall policy=guilan
# Lets ICMP echo (ping) be forwarded by this policy.
# NOTE(review): useful while testing the tunnel; consider turning it off once the
# VPN is verified if ping reachability is not required.
enable firewall policy=guilan icmp_f=ping
add firewall policy=guilan int=vlan1 type=private
add firewall policy=guilan int=eth0 type=public
# NAT for ordinary (non-VPN) traffic from vlan1 leaving through eth0.
add firewall poli=guilan nat=enhanced int=vlan1 gblint=eth0
# Rules 1 and 2 admit UDP 500 (ISAKMP) and UDP 4500 (NAT-T) arriving on the public
# interface for the router's own eth0 address.
# NOTE(review): neither rule restricts the source address, so any host that can
# reach eth0 can reach the IKE listener. The only peer configured in this listing
# is 200.200.200.1; consider narrowing both rules to that peer (rule 4 below shows
# a remote= restriction) after confirming the address the peer actually presents.
add firewall poli=guilan rule=1 action=allow int=eth0 protocol=udp port=500
ip=192.168.254.1 gblip=192.168.254.1 gblport=500
add firewall poli=guilan rule=2 action=allow int=eth0 protocol=udp port=4500
ip=192.168.254.1 gblip=192.168.254.1 gblport=4500
# Rule 3: traffic on eth0 marked encap=ipsec is passed without NAT — presumably
# this matches only packets that arrived inside the tunnel; confirm.
add firewall poli=guilan rule=3 action=nonat int=eth0 protocol=ALL
encap=ipsec
# Rule 4: LAN hosts 192.168.1.1-254 talking to the remote LAN 192.168.2.1-254 are
# exempted from NAT, so their original addresses match the IPsec selectors below.
add firewall poli=guilan rule=4 action=nonat int=vlan1 protocol=ALL
ip=192.168.1.1-192.168.1.254
set firewall poli=guilan rule=4 remote=192.168.2.1-192.168.2.254
# IPSEC configuration
# Defines the ESP transform (SA specification 0), wraps it in bundle 0, and creates
# the per-interface IPsec policies on eth0.
# NOTE(review): encalg=3desouter is 3DES, a legacy 64-bit-block cipher, and
# hashalg=sha is presumably SHA-1. Both ends must agree, so these reflect what the
# SonicWALL side of this example is set to; prefer AES and a stronger hash where
# both devices support them.
create ipsec saspec=0 key=isakmp protocol=esp encalg=3desouter hashalg=sha
# Anti-replay checking is turned on for this SA specification.
set ipsec saspec=0 antireplay=true
# Bundle 0 consists of SA specification 0 (string="0"); SAs expire after 3600 s.
create ipsec bundle=0 key=isakmp string="0" expirysec=3600
# The two permit policies below let IKE itself (local ports 500 and 4500) pass on
# eth0 without being IPsec-processed.
create ipsec policy=eth0allowISAKMP int=eth0 action=permit
set ipsec policy=eth0allowISAKMP lport=500 transportprotocol=UDP
create ipsec policy=eth0allowISAKMPF int=eth0 action=permit
# NOTE(review): unlike the port-500 policy above, this line sets no
# transportprotocol, so it presumably matches local port 4500 for any protocol,
# not just UDP — confirm whether transportprotocol=UDP was intended.
set ipsec policy=eth0allowISAKMPF lport=4500
# The tunnel policy: traffic between 192.168.1.0/24 (local) and 192.168.2.0/24
# (remote) is protected with bundle 0 towards peer 200.200.200.1, keyed by the
# ISAKMP policy of the same name.
create ipsec policy=wiz_AT-to-Sonic int=eth0 action=ipsec key=isakmp bundle=0
peer=200.200.200.1 isakmp=wiz_AT-to-Sonic
set ipsec policy=wiz_AT-to-Sonic laddress=192.168.1.0 lmask=255.255.255.0
raddress=192.168.2.0 rmask=255.255.255.0
# Presumably makes the router react to packets carrying an unknown SPI so that
# stale SAs on the peer get cleared — confirm against the AlliedWare reference.
set ipsec policy=wiz_AT-to-Sonic respondbadspi=TRUE
# Catch-all permit with no selectors: anything on eth0 that matched none of the
# policies above is passed without IPsec. This is what lets ordinary Internet
# traffic through; it also means traffic outside the selectors leaves in the
# clear, with only the firewall policy controlling it.
create ipsec policy=eth0allow int=eth0 action=permit
enable ipsec
# ISAKMP configuration
# Phase 1 policy towards the SonicWALL at 200.200.200.1, with NAT traversal on.
# key=0 refers to a key by number; the command that creates that key is not part
# of this listing. Presumably it is the pre-shared key — it must be created
# separately and should be a long random value shared only with the peer.
# NOTE(review): encalg=3desouter is 3DES (legacy); no hash algorithm or exchange
# mode is set here, so device defaults apply — confirm they match the SonicWALL.
create isakmp policy=wiz_AT-to-Sonic peer=200.200.200.1 encalg=3desouter
key=0 natt=true
# Phase 1 lifetime of 28800 s and Diffie-Hellman group 2.
# NOTE(review): group 2 is the 1024-bit MODP group and is considered weak today;
# use a larger group if both devices support one.
set isakmp policy=wiz_AT-to-Sonic expirysec=28800 group=2
# sendd / sendn are abbreviated parameter names — presumably "send delete" and
# "send notify" messages to the peer; confirm against the AlliedWare reference.
set isakmp policy=wiz_AT-to-Sonic sendd=true sendn=true
# Identity strings exchanged in Phase 1; they must mirror the IDs configured on
# the SonicWALL.
set isakmp policy=wiz_AT-to-Sonic localid="AlliedTelesis" remotei="SonicWALL"
enable isakmp