User`s guide

282 XSR User’s Guide

Configuration Examples Chapter 11

Configuring the Virtual Private Network

Configure the Network Extension Mode tunnel, site-to-site IPSec tunnel to

the central site XSR (Robo6).

XSR(config)#interface vpn 1 point-to-point

XSR(config-int-vpn)#ip address neg

XSR(config-int-vpn)#tunnel Pipe

XSR(config-tms-tunnel)#set user certificate

XSR(config-tms-tunnel)#set protocol ipsec network

XSR(config-tms-tunnel)#set active

XSR(config-tms-tunnel)#set peer 141.154.196.86

XSR(config-int-vpn)# ip ospf cost 110

XSR(config-int-vpn)#ip ospf priority 0

XSR(config-int-vpn)#ip ospf network nbma

XSR(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet 2.2

Create hosts to resolve hostnames for the certificate servers for CRL retrieval:

XSR(config)#ip host parentca 141.154.196.89

XSR(config)#ip host childca2 141.154.196.81

XSR(config)#ip host childca1 141.154.196.83

Enable the OSPF engine, VPN (Central site pool) and FastEthernet 1 interfaces

for routing:

XSR(config)#router ospf 1

XSR(config-router)#network 10.120.70.0 0.0.0.255 area 5.5.5.5

XSR(config-router)#network 172.16.1.0 0.0.0.255 area 5.5.5.5

Consult the XSR Getting Started Guide for another NEM configuration

example.

XSR/Cisco Site-to-Site Example

The following Site-to-Site configuration connects a Cisco 2600 router with

internal/external IP addresses of 192.168.3.5/192.168.2.5 to a XSR with

internal/external IP addresses of 192.168.1.2/192.168.2.2. The commands are

displayed as they would appear when displayed in the configuration file.

Cisco Configuration

version 12.2

service timestamps debug uptime