

 
Page 29 | AlliedWare™ OS How To Note: VPNs with NetScreen routers
# IPSEC configuration
# Phase-2 (IPsec SA) proposal: ESP with 3DES (enc=3desouter) and sha
# (SHA-1 presumably). NOTE(review): both are legacy algorithms; keep them only
# while the NetScreen peer requires them and move both ends to AES/SHA-2 when
# the peer supports it.
create ipsec sas=0 key=isakmp prot=esp enc=3desouter hasha=sha
# Anti-replay protection on SA spec 0 (keep enabled).
set ipsec sas=0 antir=true
# Bundle 0 is built from SA spec "0"; IPsec SA lifetime 3600 s.
create ipsec bund=0 key=isakmp string="0" expirys=3600
# Let the ISAKMP exchange itself (UDP/500) and NAT-T (4500) pass eth0 in the
# clear: key negotiation must bypass the tunnel policy created further down.
create ipsec pol="eth0allowISAKMP" int=eth0 ac=permit
set ipsec pol="eth0allowISAKMP" lp=500 tra=UDP
create ipsec pol="eth0allowISAKMPF" int=eth0 ac=permit
# assumes this policy is also meant to be UDP-only — no tra= is given here
set ipsec pol="eth0allowISAKMPF" lp=4500
# Tunnel policy: traffic matching the selectors below is protected with
# bundle 0 towards peer 200.200.200.1 (sample address). The command wraps
# onto the next line.
create ipsec pol="wiz_AT-to-NetScreen" int=eth0 ac=ipsec key=isakmp bund=0
peer=200.200.200.1 isa="wiz_AT-to-NetScreen"
# Selectors: local 192.168.1.0/24 <-> remote 192.168.2.0/24 (wrapped line).
set ipsec pol="wiz_AT-to-NetScreen" lad=192.168.1.0 lma=255.255.255.0
rad=192.168.2.0 rma=255.255.255.0
# Perfect forward secrecy with DH group 2 (1024-bit MODP, weak by current
# standards); the group must match the NetScreen side.
set ipsec pol="wiz_AT-to-NetScreen" usepfsk=TRUE gro=2
# Catch-all permit for all other eth0 traffic, created after the tunnel
# policy; presumably policies are matched in creation order — confirm before
# reordering anything above.
create ipsec pol="eth0allow" int=eth0 ac=permit
enable ipsec
# ISAKMP configuration
# Phase-1 policy to the same peer: 3DES, key=0 (presumably an ENCO key id
# holding the pre-shared key — confirm), NAT traversal enabled. Wrapped line.
create isakmp pol="wiz_AT-to-NetScreen" pe=200.200.200.1 enc=3desouter key=0
natt=true
# Phase-1 lifetime 28800 s, DH group 2 (must match the peer).
set isakmp pol="wiz_AT-to-NetScreen" expirys=28800 gro=2
# sendd/sendn: presumably send ISAKMP delete and notify messages — confirm.
set isakmp pol="wiz_AT-to-NetScreen" sendd=true sendn=true
enable isakmp
Dynamic address on Allied Telesis router
The configuration is:
# System configuration
set system name="AlliedTelesis"
# User configuration
# securedelay: presumably the idle time (s) before security-officer
# privilege is dropped — confirm in the command reference.
set user securedelay=600
# Manager account. "your-password" is a placeholder: replace it before use.
set user=manager pass=your-password priv=manager lo=yes
# telnet=yes allows cleartext telnet logins for this account; limit reachability
# to a management network, or prefer an encrypted management channel if the
# platform offers one.
set user=manager telnet=yes desc="Manager Account"
# Security officer account (presumably required for the ISAKMP/IPsec commands
# — confirm); telnet disabled, and netmask=255.255.255.255 presumably pins
# logins to a single source host — confirm.
add user=secoff pass=your-password priv=securityOfficer lo=yes
set user=secoff telnet=no netmask=255.255.255.255
# PPP configuration
# PPPoE to the ISP over eth0, torn down after 3600 s idle.
create ppp=0 description="Link to ISP" idle=3600 over=eth0-any
# iprequest=on: ppp0 takes its address from the ISP (the dynamic-address case).
# The PPPoE credentials are sample values and are stored in cleartext in the
# configuration; substitute the ISP-issued ones and protect the config file.
set ppp=0 iprequest=on username="pppoe_user" password="alliedtelesis"
# IP configuration
enable ip
enable ip remote
ena ip dnsrelay
# LAN side on vlan1; ppp0 has 0.0.0.0/0.0.0.0 until the ISP assigns an address.
add ip int=vlan1 ip=192.168.1.1
add ip int=ppp0 ip=0.0.0.0 mask=0.0.0.0
# Default route out of ppp0.
add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0
# Firewall configuration
enable firewall
create firewall policy="guilan"
enable firewall policy="guilan" icmp_f=ping
# vlan1 is the trusted (private) side, ppp0 the untrusted (public) side.
add firewall policy="guilan" int=vlan1 type=private
add firewall policy="guilan" int=ppp0 type=public
# Enhanced NAT for LAN hosts leaving via ppp0.
add firewall poli="guilan" nat=enhanced int=vlan1 gblin=ppp0
# Rules 1-2: allow inbound ISAKMP (UDP/500) and NAT-T (UDP/4500) on ppp0.
# NOTE(review): ip=/gblip= pin the literal sample address 100.100.100.1 while
# ppp0 is assigned dynamically above — confirm this is intended for the
# dynamic case or whether the rules should not carry a fixed address.
# Each rule wraps onto the following line.
add firewall poli="guilan" ru=1 ac=allo int=ppp0 prot=udp po=500
ip=100.100.100.1 gblip=100.100.100.1 gblp=500
add firewall poli="guilan" ru=2 ac=allo int=ppp0 prot=udp po=4500
ip=100.100.100.1 gblip=100.100.100.1 gblp=4500
# Rule 3: IPsec-encapsulated traffic (enc=ips) arriving on ppp0; ac=non is
# presumably "nonat", i.e. passed without address translation — confirm.
add firewall poli="guilan" ru=3 ac=non int=ppp0 prot=ALL enc=ips
# Rule 4: LAN hosts 192.168.1.1-254 talking to the remote 192.168.2.x range
# are exempted from NAT so the tunnel selectors see the private addresses
# (wrapped line; the remote range is added by the following set command).
add firewall poli="guilan" ru=4 ac=non int=vlan1 prot=ALL
ip=192.168.1.1-192.168.1.254
set firewall poli="guilan" ru=4 rem=192.168.2.1-192.168.2.254