Enterasys-networks Security Router X-PeditionTM Manual de usuario Pagina 342
- Pagina / 466
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
VPN Configuration Overview
14-20 Configuring the Virtual Private Network
• Authentication, Authorization, and Accounting (AAA) support including AAA per interface
(for clients), AAA for PPP, and AAA debugging
• Dynamic Host Configuration Protocol (DHCP) support
–DHCP Server
•OSPF over VPN
• DF Bit override on IPSec tunnels
• Copy TOS byte support (refer to“Configuring Quality of Service” on page 12-1 for a
configuration examples)
• QoS on VPN (refer to“Configuring Quality of Service” on page 12-1 for more information)
VPN Configuration Overview
IPSec configuration entails the following basic steps. First, decide what type of VPN you want to
configure from the following choices:
• Site-to-Site (Peer-to-Peer) using either pre-shared key or digital certificate (PKI) authentication
• EZ-IPSec using Client or Network Extension mode
• Remote Access using either L2TP/IPSec or PPTP
Consider that in Site-to-Site applications, the XSR can act as a gateway, or terminator, of tunnels
and also as the client, or initiator, of tunnels. In Remote Access applications, the router can only act
as a server.
Next, perform the following:
• Generate a master encryption key once on the XSR.
• Define ACLs to specify the type of traffic to be secured.
• Specify policies - IKE and IPSec transform-sets spell out authentication, encryption, data
integrity, policy lifetime, and other values when negotiating Security Associations (SAs) with
IPSec peers.
• Create a Security Policy Database (SPD) by configuring crypto maps, transform-sets, and ACLs.
• Configure authentication via AAA and/or PKI.
• Set up optional auxiliary functions including RADIUS, IP address assignment, and NAT.
• Configure a VPN interface, if required.
Master Encryption Key Generation
The XSR stores sensitive data such as user names, passwords, and certificates in Flash: directory
files. Retaining this data in the clear would pose a security risk, so the XSR uses the master
encryption key to encode it. The XSR is not supplied with a master encryption key at the factory -
you must manually generate it before configuring VPN. To do so:
- X-Pedition 1
- Security Router 1
- Australian Telecom 7
- APPROVED 8
- SS/366.01 8
- Enterasys Networks, Inc 9
- Firmware License Agreement 9
- Contents 13
- Chapter 5: Configuring IP 15
- Chapter 8: Configuring PPP 19
- Chapter 13: Configuring ADSL 23
- Chapter 15: Configuring DHCP 25
- Contents of the Guide 29
- XSR User’s Guide xxix 31
- Getting Help 32
- 1-2 Overview 34
- XSR User’s Guide 1-3 35
- 1-4 Overview 36
- Managing the XSR 37
- 2-2 Managing the XSR 38
- Connecting via Telnet 39
- Connecting via SSH 39
- Accessing the Initial Prompt 40
- Synchronizing the Clock 40
- Managing the Session 41
- Remote Auto Install 41
- 2-6 Managing the XSR 42
- RAI Requirements on the XSR 43
- How RAI Components Work 43
- Bootp Client 44
- Reverse DNS Client 44
- TFTP Client 44
- Frame Relay (Central Site) 44
- XSR User’s Guide 2-9 45
- PPP RAI over a Leased Line 46
- PPP RAI over a Dial-in Line 46
- PPP RAI over ADSL 46
- CLI Editing Rules 47
- 2-12 Managing the XSR 48
- Global Configuration Mode 50
- Exiting From the Current Mode 50
- Mode Examples 51
- CLI Command Limits 52
- Supported Physical Interfaces 52
- Supported Virtual Interfaces 52
- Supported Ports 53
- Adding Table Entries 56
- Managing XSR Interfaces 57
- Enabling an Interface 58
- Disabling an Interface 58
- Configuring an Interface 58
- Managing Message Logs 59
- Performing Fault Management 59
- Fault Report Commands 60
- Capturing Fault Report Data 60
- Using the Real-Time Clock 61
- CTRL-C to enter Bootrom mode 62
- Configuration Save Options 63
- Bulk Configuration Management 63
- Full-config Backup 64
- Managing the Software Image 65
- 2-30 Managing the XSR 66
- XSR User’s Guide 2-31 67
- Local Bootrom Upgrade 68
- XSR User’s Guide 2-33 69
- Loading Software Images 70
- XSR User’s Guide 2-35 71
- Software Image Commands 72
- Configuration Change Hashing 72
- Memory Management 73
- 2-38 Managing the XSR 74
- SNMP Informs 75
- Shaping Trap Traffic 75
- Statistics 75
- Alarm Management (Traps) 76
- Via SNMP 78
- Schedule a measurement 78
- Using the SLA Agent in SNMP 79
- Cabletron CTdownload MIB 79
- CLI Translator 80
- Network Management Tools 81
- Fault Reporting 82
- Auto-discovery 82
- Managing LAN/WAN Interfaces 83
- Configuring the LAN 84
- MIB Statistics 84
- Overview of WAN Interfaces 85
- WAN Features 85
- Configuring the WAN 86
- XSR User’s Guide 3-5 87
- T1/E1 Subsystem Configuration 91
- T3/E3 Subsystem Configuration 91
- Drop and Insert Features 92
- XSR User’s Guide 4-5 93
- Configuring the D&I NIM 101
- Configuring IP 103
- General IP Features 104
- 5-2 Configuring IP 104
- XSR User’s Guide 5-3 105
- BOOTP/DHCP Relay 106
- ARP and Proxy ARP 106
- Proxy DNS 106
- Broadcast 107
- 5-6 Configuring IP 108
- IP Interface 109
- Secondary IP 109
- ARP & Secondary IP 110
- ICMP & Secondary IP 110
- XSR User’s Guide 5-9 111
- IP Routing Protocols 112
- RIPv1 and v2 113
- Triggered-on-Demand RIP 114
- XSR User’s Guide 5-13 115
- 5-14 Configuring IP 116
- OSPF Database Overflow 117
- OSPF Passive Interfaces 118
- OSPF Troubleshooting 119
- Null Interface 119
- Route Preference 119
- Static Routes 120
- VLAN Routing 120
- XSR User’s Guide 5-19 121
- Physical layout 121
- Logical layout 121
- Policy Based Routing 124
- Match Clauses 125
- Set Clauses 125
- PBR Cache 125
- Default Network 126
- Router ID 126
- XSR User’s Guide 5-25 127
- Network Address Translation 128
- XSR User’s Guide 5-27 129
- VRRP Definitions 130
- How the VRRP Works 131
- VRRP Features 132
- XSR User’s Guide 5-31 133
- ICMP Ping 134
- Interface Monitoring 134
- Watch Group Monitoring 135
- Equal-Cost Multi-Path (ECMP) 136
- Configuring RIP Examples 137
- 5-36 Configuring IP 138
- Configuring OSPF Example 139
- Configuring NAT Examples 140
- Dynamic Pool Configuration 141
- External 141
- 200.20.2.1 142
- 5-42 Configuring IP 144
- NAT Port Forwarding 146
- Configuring VRRP Example 147
- Configuring VLAN Examples 148
- Features 149
- Overview 149
- Describing BGP Messages 150
- Defining BGP Path Attributes 151
- Next Hop 153
- Local Preference 153
- Atomic Aggregate 155
- Aggregator 156
- Multi-Exit Discriminator 156
- Community 157
- BGP Path Selection Process 159
- BGP Routing Policy 159
- Access Control Lists 160
- Filter Lists 160
- Community Lists 160
- Route Maps 160
- Regular Expressions 161
- Regular Expression Characters 161
- Regular Expression Examples 161
- Peer Groups 162
- Initial BGP Configuration 163
- Adding BGP Neighbors 163
- Resetting BGP Connections 163
- Synchronization 164
- Address Aggregation 164
- Route Flap Dampening 164
- Capability Advertisement 165
- Route Refresh 165
- Scaling BGP 166
- Route Reflectors 167
- Confederations 168
- XSR User’s Guide 6-21 169
- Configuring BGP Route Maps 170
- Configuring BGP Neighbors 171
- BGP Aggregate Route Examples 172
- Configuring BGP Peer Groups 173
- EBGP Peer Group Example 174
- XSR User’s Guide 6-27 175
- Configuring PIM-SM and IGMP 177
- IP Multicast Overview 178
- Outlining IGMP Versions 179
- Forwarding Multicast Traffic 180
- Group Membership Actions 181
- Receiving a Query 182
- Receiving a Report 182
- Query Version Distinctions 182
- XSR User’s Guide 7-7 183
- XSR User’s Guide 7-9 185
- ip pim dr-priority command 186
- PIM Register Message 187
- PIM Join/Prune Message 187
- Assert Processing 187
- Source-Specific Multicast 188
- PIM SM over Frame Relay 188
- PIM Configuration Examples 189
- Configuring PPP 191
- Link Control Protocol (LCP) 192
- Authentication 193
- Link Quality Monitoring (LQM) 194
- Multilink PPP (MLPPP) 194
- Multi-Class MLPPP 195
- PPP Features 196
- 8-6 Configuring PPP 196
- XSR User’s Guide 8-7 197
- IP Control Protocol (IPCP) 198
- IP Address Assignment 199
- for the cable your 201
- 8-12 Configuring PPP 202
- Multilink Example 203
- Dialer Example 203
- Configuring BAP 204
- XSR2 Configuration 205
- XSR1 Configuration 206
- XSR User’s Guide 8-17 207
- 8-18 Configuring PPP 208
- Configuring Frame Relay 209
- 9-2 Configuring Frame Relay 210
- Frame Relay Features 211
- Address Resolution 212
- Discard Eligibility (DE) Bit 213
- 9-6 Configuring Frame Relay 214
- XSR User’s Guide 9-7 215
- FRF.12 Fragmentation 216
- 9-8 Configuring Frame Relay 216
- XSR User’s Guide 9-9 217
- Frame Relay 218
- Central Sites 218
- Branch Sites 218
- XSR User’s Guide 9-11 219
- 9-12 Configuring Frame Relay 220
- XSR User’s Guide 9-13 221
- 9-14 Configuring Frame Relay 222
- Configuring Dialer Services 223
- XSR User’s Guide 10-3 225
- Implementing Dial Services 226
- XSR User’s Guide 10-5 227
- XSR User’s Guide 10-7 229
- XSR User’s Guide 10-9 231
- XSR User’s Guide 10-11 233
- Overview of Dial Backup 235
- XSR User’s Guide 10-13 235
- Link Failure Backup Example 236
- XSR User’s Guide 10-15 237
- Sample Configuration 238
- XSR User’s Guide 10-17 239
- Dialer Interface Spoofing 240
- Dialer Watch 241
- XSR User’s Guide 10-19 241
- Answering Incoming ISDN Calls 242
- Incoming Call Mapping Example 243
- Configuring DoD/BoD 245
- XSR User’s Guide 10-23 245
- XSR User’s Guide 10-25 247
- XSR User’s Guide 10-27 249
- XSR User’s Guide 10-29 251
- Dial-in Router Example 253
- Dial-out Router Example 255
- Bandwidth-on-Demand 257
- Backup Configuration 259
- XSR User’s Guide 10-39 261
- XSR User’s Guide 10-41 263
- XSR User’s Guide 11-1 265
- Understanding ISDN 266
- XSR User’s Guide 11-3 267
- XSR User’s Guide 11-5 269
- + 1st line: 270
- XSR User’s Guide 11-7 271
- + 2nd line: 271
- ISDN Configuration 273
- XSR User’s Guide 11-9 273
- XSR User’s Guide 11-11 275
- XSR User’s Guide 11-13 277
- ISDN BRI 279
- BRI Leased Line 280
- BRI Leased PPP 280
- BRI Leased Frame Relay 280
- Code Cause 281
- XSR User’s Guide 12-1 283
- Traffic Classification 284
- Describing the Class Map 285
- Describing the Policy Map 285
- Mechanisms Providing QoS 286
- XSR User’s Guide 12-5 287
- XSR User’s Guide 12-7 289
- XSR User’s Guide 12-9 291
- XSR User’s Guide 12-11 293
- Configuration per Interface 294
- XSR User’s Guide 12-13 295
- Configuring QoS with FRF.12 296
- QoS on Input 299
- XSR User’s Guide 12-17 299
- QoS on VPN 299
- XSR User’s Guide 12-19 301
- XSR User’s Guide 12-21 303
- QoS and VPN Interaction 304
- XSR User’s Guide 12-23 305
- XSR User’s Guide 12-25 307
- XSR User’s Guide 12-27 309
- QoS with VLAN Policy 310
- Input and Output QoS Policy 310
- XSR User’s Guide 12-29 311
- Configuring ADSL 313
- PDU Encapsulation Choices 314
- XSR User’s Guide 13-3 315
- Routed IP over ATM 316
- ADSL Limitations 317
- ADSL Hardware 317
- 13-6 Configuring ADSL 318
- XSR User’s Guide 13-7 319
- Inverse ARP 320
- Configuration Examples 321
- XSR User’s Guide 13-9 321
- 13-10 Configuring ADSL 322
- XSR User’s Guide 14-1 323
- VPN Overview 323
- XSR User’s Guide 14-3 325
- GRE over IPSec 326
- XSR User’s Guide 14-5 327
- Certificates 328
- XSR User’s Guide 14-7 329
- DF Bit Functionality 331
- XSR User’s Guide 14-9 331
- VPN Applications 332
- VPN tunnel 333
- Client Mode 334
- Network Extension Mode 334
- XSR User’s Guide 14-15 337
- INTERNET 337
- XSR User’s Guide 14-17 339
- XSR VPN Features 340
- XSR User’s Guide 14-19 341
- VPN Configuration Overview 342
- ACL Configuration Rules 343
- XSR User’s Guide 14-23 345
- XSR User’s Guide 14-25 347
- AAA Commands 348
- Configuring AAA 348
- XSR User’s Guide 14-27 349
- Configuring PKI 350
- XSR User’s Guide 14-29 351
- XSR User’s Guide 14-31 353
- Central Site 354
- Branch Office 354
- Test and acquires ISAKMP mode 355
- Test, sequence #40 355
- Test, sequence #20 356
- Test, sequence #30 356
- EZ-IPSec Configuration 357
- Selects IPSec to initiate a 358
- NEM tunnel connection 358
- Remote Access 359
- XSR User’s Guide 14-39 361
- XSR User’s Guide 14-41 363
- XSR User’s Guide 14-43 365
- XSR User’s Guide 14-45 367
- Internet 368
- XSR User’s Guide 14-47 369
- XSR User’s Guide 14-49 371
- XSR User’s Guide 14-51 373
- Configuring DHCP 375
- DHCP Server Standards 376
- DHCP Services 377
- XSR User’s Guide 15-3 377
- BOOTP Legacy Support 378
- XSR User’s Guide 15-5 379
- Router Option 380
- Parameter Request List Option 380
- DHCP Client Interaction 380
- DHCP Client Timeouts 381
- DHCP CLI Commands 382
- DHCP Set Up Overview 383
- XSR User’s Guide 15-9 383
- Configuration Steps 383
- XSR User’s Guide 15-11 385
- BOOTP Client Support Example 386
- DHCP Option Examples 386
- XSR User’s Guide 16-1 387
- XSR User’s Guide 16-3 389
- General Security Precautions 390
- AAA Services 391
- XSR User’s Guide 16-5 391
- XSR User’s Guide 16-7 393
- Firewall Feature Set Overview 395
- XSR User’s Guide 16-9 395
- Types of Firewalls 396
- XSR User’s Guide 16-11 397
- Stateful Inspection Firewalls 398
- Filtering non-TCP/UDP Packets 398
- Application Level Commands 399
- Application Level Gateway 399
- On Board URL Filtering 400
- Configuring URL Redirection 401
- Alarm Logging 402
- XSR User’s Guide 16-17 403
- Firewall and NAT 404
- Firewall and VPN 404
- ACLs and Firewall 404
- Dynamic Reconfiguration 404
- Firewall CLI Commands 405
- XSR User’s Guide 16-19 405
- XSR User’s Guide 16-21 407
- Firewall Limitations 408
- Pre-configuring the Firewall 409
- XSR User’s Guide 16-23 409
- XSR User’s Guide 16-25 411
- Internal 411
- 10.10.10.1 412
- PPPoE/NAT/Firewall 412
- XSR User’s Guide 16-27 413
- XSR User’s Guide 16-29 415
- XSR User’s Guide 16-31 417
- XSR User’s Guide 16-33 419
- XSR User’s Guide 16-35 421
- Alarms/Events, System Limits 423
- Recommended System Limits 424
- System Alarms and Events 425
- XSR User’s Guide A-3 425
- XSR User’s Guide A-5 427
- XSR User’s Guide A-7 429
- SECURITY_LEVEL 430
- XSR User’s Guide A-9 431
- XSR User’s Guide A-11 433
- XSR User’s Guide A-13 435
- XSR User’s Guide A-15 437
- XSR User’s Guide A-17 439
- XSR User’s Guide A-19 441
- XSR SNMP Proprietary and 443
- Associated Standard MIBs 443
- XSR User’s Guide B-3 445
- rtr schedule 446
- General Variables Table 447
- BGP v4 Peer Table 447
- Field Description 448
- BGP-4 Traps 450
- Global Interface Operations 451
- Monitoring Objects 452
- IP Session Counters 453
- IP Session Table 453
- Authenticated Addresses Table 453
- DOS Attacks Blocked Counters 454
- DOS Attacks Blocked Table 454
- VPN MIB Tables 455
- XSR User’s Guide B-13 455
- XSR User’s Guide B-15 457
- XSR User’s Guide B-17 459
- XSR User’s Guide B-19 461
- XSR User’s Guide B-21 463
- Enterasys Syslog Client MIB 464
- Syslog Server Defaults 465
- Units of Conformance 465
- Compliance Statements 466
Relacionado con productos y manuales para Hardware Enterasys-networks Security Router X-PeditionTM
Hardware Enterasys-networks XSR-3150 Manual de usuario
(110 paginas)
(110 paginas)
Hardware Enterasys-networks 802.1Q Manual de usuario
(82 paginas)
(82 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.062 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales