User's guide

XSR Users Guide 263
Chapter 11 VPN Configuration Overview
Configuring the Virtual Private Network
  - ip address and group set the IP address and usergroup assigned to the remote user.
- Configures RADIUS, local or PKI databases with the aaa method command as well as the following sub-commands:
  - acct-port sets the UDP port for accounting requests.
  - address specifies the RADIUS server address with either a host name or IP address.
  - attempts sets the total of consecutive login attempts that must transpire before the RADIUS method's backup method is used.
  - auth-port specifies the UDP port for authentication requests.
  - enable initializes the current RADIUS server.
  - group specifies the name of an existing usergroup.
  - hash enable initializes the hash algorithm used for RADIUS.
  - key sets the shared secret used between the XSR and the server daemon running on a RADIUS server.
  - qtimeout specifies the queue timeout.
  - retransmit specifies the number of RADIUS server retransmissions sent to a server before timing out.
  - timeout sets the interval the XSR waits for the RADIUS server to reply before retransmitting.
  - backup creates a name for a backup RADIUS server.
- Configures pre-shared keys with aaa user and password.
Configuring AAA
Pre-shared keys used in a Site-to-Site tunnel are configured using the aaa user command with the following conditions applicable:
- The Username is the IP address of a peer.
- The Password is the pre-shared key.
To specify a user and password, enter the following commands:
XSR(config)#aaa user <xxx.xxx.xxx.xxx>
XSR(aaa-user)#aaa password ThISisMYShaREDsecRET
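An added example, not taken from the XSR guide: a Python audit of the site-to-site convention above, where the username is the peer's IP address and the password is the pre-shared key. It reads commands in the prompt form shown on this page; the 20-character minimum, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

MIN_LEN = 20                           # assumed local policy, not an XSR limit
DOC_KEYS = {"ThISisMYShaREDsecRET"}    # example key printed in this guide
PROMPT = re.compile(r"^\s*\S+\([\w-]+\)#\s*")   # strips "XSR(aaa-user)#"

# Constructed sample; peer addresses are RFC 5737 documentation ranges.
SAMPLE = """\
XSR(config)#aaa user 192.0.2.10
XSR(aaa-user)#aaa password ThISisMYShaREDsecRET
XSR(config)#aaa user 198.51.100.7
XSR(aaa-user)#aaa password s3cret
XSR(config)#aaa user 203.0.113.5
XSR(aaa-user)#aaa password q7Vd2mXw9LrT4zKp8NcB
XSR(config)#aaa user 203.0.113.9
XSR(aaa-user)#aaa password q7Vd2mXw9LrT4zKp8NcB
XSR(config)#aaa user Jeremiah
XSR(aaa-user)#aaa password short
"""

def parse_users(text):
    """Map each 'aaa user' name to the password line that follows it."""
    users, current = {}, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if words[:2] == ["aaa", "user"] and len(words) == 3:
            current = words[2]
        elif words[:2] == ["aaa", "password"] and len(words) == 3 and current:
            users[current] = words[2]
    return users

def is_peer(name):  # site-to-site entries use the peer's IP as the username
    try:
        ipaddress.ip_address(name)
    except ValueError:
        return False
    return True

def audit_psk(text):
    """Return sorted (peer, finding) pairs for site-to-site pre-shared keys."""
    peers = {u: k for u, k in parse_users(text).items() if is_peer(u)}
    keys, findings = list(peers.values()), []
    for peer, key in peers.items():
        checks = [(key in DOC_KEYS, "key copied from this guide"),
                  (len(key) < MIN_LEN, "key shorter than policy"),
                  (keys.count(key) > 1, "key shared with another peer")]
        findings += [(peer, msg) for hit, msg in checks if hit]
    return sorted(findings)
```

Entries whose username is not an IP address, such as remote-access users, are skipped because they are not site-to-site pre-shared keys.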
The following sample configuration creates user Jeremiah in the PromisedLand
usergroup, with DNS, WINS and MPPE encryption, and assigns IP local pool
remote_users for remote access:
XSR(config)#aaa group PromisedLand
XSR(aaa-group)#dns server primary 112.16.1.16
XSR(aaa-group)#dns server secondary 112.30.30.20