User's guide

XSR User's Guide
Chapter 11: Configuring the Virtual Private Network
As mentioned earlier, OSPF may advertise a network’s reachability but IPSec
policies may deny access to that network. To avoid that situation, you may
extend crypto maps attached to interfaces, but this requires prior knowledge
of networks advertised by OSPF, which renders OSPF’s dynamic network
discovery useless. In this case, OSPF is used only for monitoring the links and
providing alternate routes in case of link failure.
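The mismatch described above can be checked offline. The following Python audit is an added example, not part of the XSR guide or its CLI: it compares OSPF-learned prefixes with the remote prefixes permitted by crypto map entries and reports the address space that is routed but not covered by IPSec policy. The prefixes, the function names, and the simplification of each crypto map entry to a single IPv4 destination prefix are assumptions.

```python
import ipaddress


def unprotected_space(route, selectors):
    """Return the parts of `route` that no crypto map selector covers."""
    left = [route]
    for sel in selectors:
        remaining = []
        for piece in left:
            if piece.subnet_of(sel):
                continue  # fully inside a permitted prefix
            if sel.subnet_of(piece):
                # Selector is a smaller block inside the route: carve it out.
                remaining.extend(piece.address_exclude(sel))
            else:
                remaining.append(piece)  # disjoint, still unprotected
        left = remaining
    return sorted(left)


def audit(ospf_routes, crypto_selectors):
    """Map each OSPF prefix to the list of sub-prefixes IPSec would deny."""
    sels = [ipaddress.ip_network(s) for s in crypto_selectors]
    return {
        r: [str(g) for g in unprotected_space(ipaddress.ip_network(r), sels)]
        for r in ospf_routes
    }


# Constructed sample data (assumption): remote prefixes permitted by crypto maps.
CRYPTO_SELECTORS = ["10.1.0.0/16", "192.168.10.0/24", "192.168.11.0/24"]
# Constructed sample data (assumption): prefixes learned through OSPF.
OSPF_ROUTES = ["10.1.20.0/24", "192.168.10.0/23", "10.2.0.0/24", "10.0.0.0/15"]

if __name__ == "__main__":
    for route, gaps in audit(OSPF_ROUTES, CRYPTO_SELECTORS).items():
        status = "covered" if not gaps else "advertised but denied: " + ", ".join(gaps)
        print(f"{route:18} {status}")
```

A route with an empty gap list is fully protected, including the case where several smaller selectors together cover one larger advertised prefix.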
XSR VPN Features
The XSR supports the following VPN features:
- Site-to-Site (Peer-to-Peer) application
  - IPSec/IKE with pre-shared secrets
  - IPSec/IKE with certificates (PKI)
  - EZ-IPSec with PKI or pre-shared secrets:
    - Network Extension Mode (NEM)
    - Client mode
- Remote Access application
  - Clients
    - Windows XP and 2000 (L2TP); NT 4.0, 98, 98 SE, ME, and CE. PPTP is available on all Windows clients
  - L2TP/IPSec protocols
    - SCEP: Certificate and PKI environment
    - MS-CHAP v2, EAP user authentication:
      - Username/Password (local database and RADIUS)
      - SecurID (third-node plug-in)
      - Certificates (embedded/smart cards) – Microsoft only
  - PPTP protocol
    - MS-CHAP v2, EAP user authentication
    - Local Database and RADIUS
    - SecurID (third-node plug-in)
    - Certificates (embedded/smart cards) – Microsoft only
- Encryption
  - Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), Data Encryption Standard (DES)
  - 3DES acceleration available