XSR User’s Guide
Chapter 13 Configuration Examples
Configuring Security on the XSR
Figure 59 XSR Firewall, VPN and OSPF Topology
Begin by setting the XSR system time via SNTP. This configuration is critical
for XSRs that use time-sensitive certificates, because certificate validity
periods are checked against the system clock.
XSR(config)#sntp-client server 10.120.84.3
XSR(config)#sntp-client poll-interval 60
Add four ACLs to permit IP pool, L2TP and NEM traffic:
XSR(config)#access-list 110 permit ip any 10.120.70.0 0.0.0.255
XSR(config)#access-list 120 permit udp any any eq 1701
XSR(config)#access-list 140 permit ip any 172.16.1.0 0.0.0.255
XSR(config)#access-list 150 permit ip any 192.168.111.0 0.0.0.255
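The matching behaviour of these four entries can be checked offline with the following added example, which is not part of the original guide or of the XSR software. It assumes Cisco-style wildcard masks (a 1 bit means "ignore this bit"), that a port given after the destination is the destination port, and an implicit deny when no entry matches; `parse` and `evaluate` are hypothetical helper names and the sample packets are constructed.

```python
import ipaddress

# The four ACL entries from the configuration above, copied verbatim.
ACL_LINES = [
    "access-list 110 permit ip any 10.120.70.0 0.0.0.255",
    "access-list 120 permit udp any any eq 1701",
    "access-list 140 permit ip any 172.16.1.0 0.0.0.255",
    "access-list 150 permit ip any 192.168.111.0 0.0.0.255",
]

def _addr(tokens):
    """Consume 'any' or '<address> <wildcard>' from tokens; return (base, wildcard) ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF          # every bit ignored
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wild

def parse(line):
    """Hypothetical helper: turn one access-list line into a dict."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list":
        raise ValueError(f"not an extended access-list entry: {line!r}")
    rest = t[4:]
    entry = {"acl": int(t[1]), "action": t[2], "proto": t[3]}
    entry["src"] = _addr(rest)
    entry["dst"] = _addr(rest)
    entry["dport"] = int(rest[1]) if rest[:1] == ["eq"] else None
    return entry

ENTRIES = [parse(line) for line in ACL_LINES]

def _match(ip, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF         # wildcard 0 bits must match, 1 bits are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry in the numbered ACL."""
    for e in ENTRIES:
        if e["acl"] != acl or e["proto"] not in ("ip", proto):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        if _match(src, e["src"]) and _match(dst, e["dst"]):
            return e["action"]
    return "deny"                     # assumption: implicit deny at end of list

if __name__ == "__main__":
    # Constructed sample packets (documentation-range source addresses).
    print(evaluate(110, "tcp", "198.51.100.9", "10.120.70.200", 443))
    print(evaluate(110, "tcp", "198.51.100.9", "10.120.71.1", 443))
    print(evaluate(120, "udp", "198.51.100.9", "203.0.113.5", 500))
```

ACL 120 matches only UDP destination port 1701 (L2TP), so other UDP traffic and TCP traffic to port 1701 fall through to the assumed implicit deny.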
Define IKE Phase I security parameters with the following two policies:
XSR(config)#crypto isakmp proposal xp-soho
XSR(config-isakmp)#hash md5
XSR(config-isakmp)#lifetime 50000
XSR(config)#crypto isakmp proposal p2p
XSR(config-isakmp)#authentication pre-share
XSR(config-isakmp)#lifetime 50000
Configure IKE policy for the remote peer:
XSR(config)#crypto isakmp peer 0.0.0.0 0.0.0.0
[Figure 59 diagram. Recoverable labels: XSR, Internet, Internet router, SSR, XP PC Client, NEM; interfaces FE1, FE2; addresses 172.16.1.0, 141.154.196.93, 96.96.96.7, 96.96.96.0, 141.154.196.106, 10.120.84.0, 10.120.112.0]