User's guide

XSR User's Guide
Chapter 11: Configuring the Virtual Private Network
VPN Configuration Overview
XSR(config-crypto-m)#set transform-set esp-3des-sha
XSR(config-crypto-m)#match address 40
XSR(config-crypto-m)#set peer 192.168.45.12
XSR(config-crypto-m)#no set security-association level per-host
Authentication, Authorization and Accounting Configuration
The XSR’s AAA implementation configures all authentication, authorization
and accounting characteristics of users (Remote Access) and peer gateways
(Site-to-Site). These characteristics include:
- Usernames and passwords for authentication
- Associated group name for authorization of network services
- IP addressing, including:
  - Virtual addresses from a local IP pool
  - DNS (primary and secondary) for remote access clients
  - WINS (primary and secondary) for remote access clients
- Compression settings for remote access clients and site-to-site tunnels
- Encryption settings for PPTP remote access clients
- Configuration for standardized authentication methods, that is,
  RADIUS. In addition to all the necessary values for communicating
  securely with a RADIUS server, the XSR allows you to specify a backup
  RADIUS server for authentication failover.
AAA Commands
The following AAA commands are provided by the XSR:
- Configures authentication for users and groups with the aaa user and
  aaa group commands, as well as the following sub-commands:
  - policy specifies SSH, Telnet, Firewall or VPN service for users.
  - dns-server and wins server configure the IP addresses of
    primary and secondary DNS and WINS servers to distribute to
    remote access users and connecting XSRs.
  - ip pool associates a globally defined IP address pool (set with
    ip local pool) with a user group. When a remote access user or
    XSR connects, an IP address is distributed from this pool. Be
    aware that if an AAA user is configured to use a static IP address
    which belongs to a local IP pool, you must exclude that address
    from the local pool.
  - l2tp/pptp compression commands enable compression on
    L2TP and PPTP sessions, respectively, and pptp encrypt mppe
    configures Microsoft Point-to-Point Encryption on a PPTP link.
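
The ip pool caveat above (a static AAA user address that falls inside a local pool must be excluded from that pool) can be checked offline before a change is committed. The following is an added example, not part of the XSR guide or the XSR software. The pool names, users, addresses and the data layout are constructed assumptions and are not XSR configuration syntax.

```python
"""Audit check: static AAA user addresses must be excluded from local IP pools.

Added example, not XSR code. The inventory below is constructed sample data;
the layout (dicts, inclusive exclusion ranges) is an assumption made here.
"""
from ipaddress import ip_address, ip_network

# Constructed sample inventory (hypothetical pool names, users and addresses).
POOLS = {
    "remote-users": {
        "network": "10.120.70.0/24",
        # Inclusive (first, last) ranges already excluded from dynamic assignment.
        "excluded": [("10.120.70.1", "10.120.70.10")],
    },
    "branch-gateways": {"network": "10.120.71.0/28", "excluded": []},
}
STATIC_USERS = {
    "alice": "10.120.70.5",     # inside a pool, excluded: fine
    "bob": "10.120.70.44",      # inside a pool, not excluded: conflict
    "gw-east": "10.120.71.3",   # inside a pool, not excluded: conflict
    "carol": "192.168.9.20",    # outside every pool: fine
}


def is_excluded(addr, ranges):
    """True if addr falls inside any inclusive (first, last) exclusion range."""
    return any(ip_address(lo) <= addr <= ip_address(hi) for lo, hi in ranges)


def find_conflicts(pools, static_users):
    """Return sorted (user, address, pool) tuples for static addresses that a
    pool could still hand out dynamically to another client."""
    conflicts = []
    for user, raw in static_users.items():
        addr = ip_address(raw)
        for name, pool in pools.items():
            net = ip_network(pool["network"])
            if addr in net and not is_excluded(addr, pool["excluded"]):
                conflicts.append((user, raw, name))
    return sorted(conflicts)


if __name__ == "__main__":
    for user, addr, pool in find_conflicts(POOLS, STATIC_USERS):
        print(f"{user}: static address {addr} must be excluded from pool '{pool}'")
```

Each reported tuple is a static address that the pool could also assign dynamically to another connecting client.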