User`s guide

XSR User’s Guide 247

Chapter 11 VPN Applications

Configuring the Virtual Private Network

OSPF Commands

The same OSPF commands available for configuration in

FastEthernet/GigabitEthernet or Serial Interface mode are available in

Interface VPN mode. They are:



ip ospf authentication-key

 ip ospf cost

 ip ospf dead-interval

 ip ospf hello-interval

 ip ospf message-digest-key

 ip ospf priority

 ip ospf retransmit-interval

 ip ospf transmit-delay

Additionally, show ip ospf interface vpn is available in EXEC mode.

Configuring OSPF Over Site-to-Site in Client Mode

When the XSR is configured in a Client Mode, Site-to-Site application, it

creates an asymmetric connection with one side acting as the server and other

the client. The client initiates the tunnel upon node startup, requesting an IP

address from the server.

From the client’s point of view, the tunnel is a point-to-point connection; the

VPN (virtual) interface associated with the tunnel must be a point-to-point

connection. The server terminates connections from more than one client.

Each connected client is issued an IP address.

From the server’s point of view, connected tunnels form point-to-multipoint

links. Additionally, the server does not see a segment behind the client,

because in Client Mode NAT is employed inside the tunnel and all traffic

originated from trusted segment is NAT-ed to use an IP address assigned by

the server, as shown in Figure 45.