User`s guide
XSR User’s Guide 281
Chapter 11 Configuration Examples
Configuring the Virtual Private Network
XSR(aaa-group)#dns server secondary 0.0.0.0
XSR(aaa-group)#wins server primary 10.120.112.220
XSR(aaa-group)#wins server secondary 0.0.0.0
XSR(aaa-group)#ip pool test
XSR(aaa-group)#pptp compression
XSR(aaa-group)#pptp encrypt mppe 128
XSR(aaa-group)#l2tp compression
XSR(aaa-group)#policy vpn
Configure the RADIUS AAA method to authenticate remote access users:
XSR(config)#aaa method radius msradius default
XSR(aaa-method-radius)#backup test
XSR(aaa-method-radius)#enable
XSR(aaa-method-radius)#group DEFAULT
XSR(aaa-method-radius)#address ip-address 10.120.112.179
XSR(aaa-method-radius)#key welcome
XSR(aaa-method-radius)#auth-port 1812
XSR(aaa-method-radius)#acct-port 1646
XSR(aaa-method-radius)#attempts 1
XSR(aaa-method-radius)#retransmit 1
XSR(aaa-method-radius)#timeout 5
XSR(aaa-method-radius)#qtimeout 0
Configure the branch office EZ-IPSec on the PPPoEe, FastEthernet sub-
interface 2.2, using certificates for authentication:
XSR(config)# interface FastEthernet 1
XSR(config-if<F1>)#ip address 172.16.1.1 255.255.255.0
XSR(config-if<F1>)#no shutdown
XSR(config)# interface FastEthernet 2
XSR(config-if<F2>)#no shutdown
XSR(config)#interface fastethernet 2.2
XSR(config-if)#crypto ezipsec
XSR(config-if)#enc ppp
XSR(config-if)#ip address negociated
XSR(config-if)#ip mtu 1492
XSR(config-if)#ip nat source assigned overload
XSR(config-if)#ppp pap sent-username pezhmon password pezhmon