User's Guide

Configuration Examples Chapter 13
Configuring Security on the XSR
Trial load the completed configuration into the firewall engine, and if
successful, load the configuration:
XSR(config)#ip firewall load trial
XSR(config)#ip firewall load
Configure the DHCP pool, DNS server and related settings:
XSR(config)#ip dhcp pool myDhcpPool
XSR(config)#default-router 10.10.10.1
XSR(config)#dns-server 209.226.175.223
XSR(config)#domain-name BT_basement
XSR(config)#lease 1 3 15
Globally enable the firewall. Even though you have configured and loaded
the firewall, it is not active until you invoke the following command.
Once the firewall is enabled, it will close your session if you are
remotely connected. Simply log in again.
XSR(config)#ip firewall enable
XSR with Firewall and VPN
In this scenario, as illustrated in Figure 59, a head-end VPN gateway is
configured to perform the following:
- Terminate Network Extension Mode (NEM) and Client mode tunnels
- Terminate remote access L2TP/IPSec tunnels
- Terminate PPTP remote access tunnels
- Firewall inspection on the public VPN interface (the crypto map interface)
- Firewall inspection on the trusted VPN interface (the connection to the corporate network)
- OSPF routing with the next hop corporate router on the trusted VPN interface
- DF bit clear on the public VPN interface to handle large non-fragmentable IP frames
- OSPF routing over the multi-point VPN interface for other site-to-site tunnels
- Assign the first IP address of the pool to the multi-point VPN interface