XSR User's Guide
Chapter 11 VPN Configuration Overview
Configuring the Virtual Private Network
- Data integrity
  - MD5 and SHA-1 algorithms
- Internet Protocol Security (IPSec)
  - Encapsulating Security Payload (ESP), Authentication Header (AH) and IPComp
  - Tunnel and Transport mode
  - Diffie-Hellman Groups 1, 2 and 5
  - Mode Config for IP address assignment
  - NAT Traversal via UDP encapsulation
- Public Key Infrastructure (PKI)
  - Microsoft Certificate Authority (CA) support
  - Simple Certificate Enrollment Protocol (SCEP)
  - Microsoft Simple Certificate Enrollment Protocol (MSCEP)
  - Chained CA support
  - CRL checking (Hypertext Transfer Protocol [HTTP] and Lightweight Directory Access Protocol [LDAP])
- Network Address Translation (NAT) protocol
  - Static NAT
  - NAPT
- Dynamic Host Configuration Protocol (DHCP)
  - DHCP Server
- OSPF over VPN
- DF Bit override on IPSec tunnels

VPN Configuration Overview
IPSec configuration entails the following basic steps. First, decide what type
of VPN you want to configure from the following choices:
- Site-to-Site (Peer-to-Peer) using either pre-shared key or digital certificate (PKI) authentication
- EZ-IPSec using Client or Network Extension mode
- Remote Access using either L2TP/IPSec or PPTP

Consider that in Site-to-Site applications, the XSR can act as a gateway, or
terminator, of the tunnel and also as the client, or initiator, of the tunnel. In
Remote Access applications, the router can only terminate connections.