User's guide
Page 24 of 30 Rel. 3.5 Release Notes
Inter-operability with Third-Party VPN Gateways Release Notes
Release 3.5 Enhanced Support for VPN Clients
13. RIP is enabled by default. You may want to change this selection.
14. Click OK.
Configuring VPN Settings on the ANG-1100
To configure the ANG-1100 to connect with the Nortel 600, enter the following values
in the VPN Setup window of the Web Config utility of the ANG-1100. For more
information on configuring the ANG-1100, refer to the ANG-1100 User’s Guide.
Enter the following values in the appropriate fields. Be aware that IP addresses
displayed are sample parameters.
• Enter Nortel_Peer in the VPN Connection Name field.
• Set the public IP address of the Nortel device. Type 146.115.206.43 in the Gateway IP address field.
• Enter testing as a Password. This value must match the value configured for the CES.
• Select Peer to Peer Mode.
• Type 10.122.53.0/24 in the first Peer Subnet address and Mask fields. This value must match the trusted subnet of the CES.
• Checkmark Start network gateway now and click APPLY.
PFS Configuration
Since the CES 600 performs Group 2 (1024-bit) Perfect Forward Secrecy only, and the
ANG-1100 supports Group 1 (768-bit) PFS only, you must perform the following steps
on the ANG-1100’s Web Config CLI to enable inter-operability between the devices:
1. Create an ipsecProposal for group 2. Type:
   ipsecProposal -a -n pfs2on -p enable -g Mopd1024 -T 30 -D 35 -e "esp1;esp2;esp5;esp7;esp8;esp9"
2. Modify the ipsecRule for the remote device (Check the value of the Gateway for the correct rule.) Type:
   ipsecRule -n r0sn1 -p pfs2on
3. Reboot the ANG-1100.
IPSec Transform Configuration
Nortel limits the number of IPSec transforms it processes. To inter-operate the devices
with PFS disabled for Phase II SA, perform the following steps:
1. Modify the ipsecRule for the remote device to delete the PFS proposals from the rule. Type:
   ipsecRule -n r0sn1 -p pfsoff
2. Reboot the ANG-1100.
NOTE: Once the CLI commands are issued, you will not be able to use VPN Setup on Web Config to manage tunnels unless the ANG-1100 is reset.
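
The procedure above depends on three values agreeing on both ends of the tunnel: the password, the peer/trusted subnet, and the Phase II PFS group. The following Python check is an added example, not part of these release notes or of either vendor's tooling; the function name and dict keys are hypothetical, and the values are the page's sample parameters entered by hand.

```python
import hmac
import ipaddress

# DH group sizes as named on this page.
PFS_GROUP_BITS = {1: 768, 2: 1024}


def tunnel_mismatches(ang, ces):
    """Return a list of settings that differ between the two tunnel ends.

    `ang` and `ces` are hypothetical dicts, not a device export format.
    pfs_group is 1, 2, or None when PFS is disabled for Phase II.
    """
    problems = []

    # The password must be identical on both ends; compare in constant time.
    if not hmac.compare_digest(ang["psk"].encode(), ces["psk"].encode()):
        problems.append("pre-shared key differs")

    # Treat "10.122.53.0/24" and "10.122.53.0/255.255.255.0" as the same net.
    try:
        peer = ipaddress.ip_network(ang["peer_subnet"], strict=True)
        trusted = ipaddress.ip_network(ces["trusted_subnet"], strict=True)
        if peer != trusted:
            problems.append(f"peer subnet {peer} != CES trusted subnet {trusted}")
    except ValueError as exc:
        # strict=True rejects an address with host bits set, e.g. 10.122.53.7/24
        problems.append(f"invalid subnet: {exc}")

    # Phase II cannot complete if the two ends disagree on the PFS group.
    a, c = ang["pfs_group"], ces["pfs_group"]
    if a != c:
        def label(g):
            return "off" if g is None else f"Group {g} ({PFS_GROUP_BITS.get(g, '?')}-bit)"
        problems.append(f"PFS mismatch: ANG {label(a)}, CES {label(c)}")

    return problems


# Constructed inputs built from the sample parameters on this page.
CES = {"psk": "testing", "trusted_subnet": "10.122.53.0/255.255.255.0", "pfs_group": 2}
ANG_DEFAULT = {"psk": "testing", "peer_subnet": "10.122.53.0/24", "pfs_group": 1}
ANG_PFS2ON = dict(ANG_DEFAULT, pfs_group=2)  # after applying the pfs2on proposal

if __name__ == "__main__":
    print(tunnel_mismatches(ANG_DEFAULT, CES))  # reports the PFS group mismatch
    print(tunnel_mismatches(ANG_PFS2ON, CES))   # no mismatches
```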