270 XSR User’s Guide
VPN Configuration Overview Chapter 11
Configuring the Virtual Private Network
Subject: MAILTO=SCEP, C=US, ST=MA, L=Andover,
O=Enterasys Networks, OU=Engineering, CN=Scep
Fingerprint: 91EB5A77 B5CA535A 077B65C5 65035615
Certificate Size: 1695 bytes
9. Optional. Change the enrollment retry count and period to values matching your CA administrator’s needs.
These values handle “non-pending” mode at the CA when a certificate request could time out while waiting for a response. Six requests will be issued every 10 minutes.
XSR(config)#enrollment retry count 6
XSR(config)#enrollment retry period 10
Interface VPN Options
Some configurations require the construction of virtual interfaces that represent tunnels on the XSR. A virtual interface defined by the interface vpn command often represents IPSec tunnels configured automatically by EZ-IPSec. A VPN interface can also be configured as a point-to-point or a point-to-multi-point interface with the following conditions:
The interface vpn [#] point-to-point command applies to Site-to-Site or EZ-IPSec tunnels initiated by the XSR.
The interface vpn [#] multi-point command applies to an XSR used as a gateway and tunnel terminator.
VPN Interface Sub-Commands
The following sub-commands are available at VPN Interface mode:
ip firewall + Set of commands to configure the firewall
ip address-negotiated + Sets the VPN interface’s IP address to be negotiated
ip address + Specifies an IP address on the VPN interface
ip multicast-redirect + Redirects multicast (RIP) to a unicast address
ip nat + Specifies NAT rules on the VPN interface
ip rip + Configures RIP routing on the VPN port
ip unnumbered + Enables IP processing on a serial port without assigning it an explicit IP address
ip split-horizon + Enables split horizon mechanism
ip ospf + Set of commands to configure OSPF routing