User's Guide

350 XSR User's Guide
Configuration Examples, Chapter 13
Configuring Security on the XSR
XSR(config)#ip firewall network ospf 224.0.0.5 224.0.0.6 internal
XSR(config)#ip firewall network ssr 96.96.96.1 mask 255.255.255.255 internal
Define the NetSight network management station:
XSR(config)#ip firewall network netsight 10.120.84.3 mask 255.255.255.255 internal
Build two network groups to collect remote and trusted networks into
manageable groups:
XSR(config)#ip firewall network-group trusted trusted84 trusted96 trusted112
XSR(config)#ip firewall network-group remote vsn remote172 remote192
Define a service to support IPSec NAT traversal:
XSR(config)#ip firewall service nattraversal eq 2797 gt 1023 udp
Define a service for ISAKMP:
XSR(config)#ip firewall service ike eq 500 gt 499 udp
Define a service for L2TP tunnels:
XSR(config)#ip firewall service l2tp eq 1701 eq 1701 udp
Define a service for RADIUS authentication:
XSR(config)#ip firewall service radiusauth gt 1023 eq 1645 udp
Define a service for RADIUS accounting:
XSR(config)#ip firewall service radiusacct gt 1023 eq 1646 udp
Write policies allowing traffic through the public VPN interface (crypto map):
XSR(config)#ip firewall policy nattraversal internet vpngateway nattraversal allow bidirectional
XSR(config)#ip firewall policy PPTP internet vpngateway PPTP allow bidirectional
XSR(config)#ip firewall policy ike internet vpngateway ike allow bidirectional
XSR(config)#ip firewall policy l2tp internet vpngateway l2tp allow bidirectional
Allow HTTP and LDAP CRL retrieval out of the public VPN interface:
XSR(config)#ip firewall policy pki vpngateway internet HTTP allow
XSR(config)#ip firewall policy ldap vpngateway internet LDAP allow
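As an added example (not from the XSR guide or Enterasys code), a small Python model of the service and policy objects above that lets an auditor check which flows the policy set admits before it is deployed. It assumes, as a constructed reading of the syntax rather than documented behaviour, that a service's first operator/port pair is the destination port and the second the source port, that "bidirectional" also admits the reverse flow, and that the predefined HTTP, LDAP and PPTP services (not defined on this page) are skipped.

```python
"""Toy evaluator for XSR-style firewall service and policy lines (constructed example)."""


def _port_test(op, port):
    """Turn an operand pair such as 'eq 500' or 'gt 1023' into a predicate on a port."""
    port = int(port)
    return {"eq": lambda p: p == port,
            "gt": lambda p: p > port,
            "lt": lambda p: p < port}[op]


class FirewallModel:
    def __init__(self):
        self.services = {}   # name -> (proto, dst_port_ok, src_port_ok)  [assumed order]
        self.policies = []   # (src_zone, dst_zone, service, allow, bidirectional)

    def load(self, cli_lines):
        """Parse 'ip firewall service' and 'ip firewall policy' lines; ignore the rest."""
        for line in cli_lines:
            w = line.split("#", 1)[-1].split()      # drop a leading 'XSR(config)#' prompt
            if w[:3] == ["ip", "firewall", "service"]:
                name, op1, p1, op2, p2, proto = w[3:9]
                self.services[name] = (proto, _port_test(op1, p1), _port_test(op2, p2))
            elif w[:3] == ["ip", "firewall", "policy"]:
                name, src, dst, svc, action = w[3:8]
                self.policies.append((src, dst, svc, action == "allow", "bidirectional" in w))

    def permitted(self, src_zone, dst_zone, proto, src_port, dst_port):
        """True when the first matching policy allows the flow; default deny otherwise."""
        for psrc, pdst, svc, allow, bidir in self.policies:
            if svc not in self.services:            # predefined service not on this page
                continue
            sproto, dst_ok, src_ok = self.services[svc]
            if sproto != proto:
                continue
            fwd = (psrc, pdst) == (src_zone, dst_zone) and dst_ok(dst_port) and src_ok(src_port)
            rev = bidir and (pdst, psrc) == (src_zone, dst_zone) and dst_ok(src_port) and src_ok(dst_port)
            if fwd or rev:
                return allow
        return False


# Constructed sample: the service and policy lines from this page, one per line.
CONFIG = """\
ip firewall service nattraversal eq 2797 gt 1023 udp
ip firewall service ike eq 500 gt 499 udp
ip firewall service l2tp eq 1701 eq 1701 udp
ip firewall policy nattraversal internet vpngateway nattraversal allow bidirectional
ip firewall policy ike internet vpngateway ike allow bidirectional
ip firewall policy l2tp internet vpngateway l2tp allow bidirectional
ip firewall policy pki vpngateway internet HTTP allow
""".splitlines()

MODEL = FirewallModel()
MODEL.load(CONFIG)
```

With this model, IKE on UDP 500 is admitted in both directions, a NAT-traversal packet whose source port is below 1024 is refused by the `gt 1023` operand, and UDP 4500 is refused because no service on the page names it.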