Allied Telesis NetScreen Routers Network Router User Manual


 
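Page 32 | AlliedWare™ OS How To Note: VPNs with NetScreen routers
(Reading note for the NetScreen listing on this page: some commands are wrapped by the page width. The lines beginning "Created by vpn wizard", outgoing-interface, no-replay, Tunnel vpn and "Any" "ANY" Permit appear to continue the command on the line above rather than being commands of their own. The preshare value "secret-key" is an example placeholder; the real key has to match the one set on the peer router and should be long and random. The no-replay keyword on the set vpn command leaves IPsec anti-replay checking off for this tunnel.)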
set zone V1-Untrust screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Untrust"
set interface vlan1 ip 192.168.1.1/24
set interface ethernet1 ip 192.168.2.1/24
set interface ethernet1 nat
set interface ethernet3 ip 200.200.200.1/30
set interface ethernet3 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 manage-ip 192.168.2.2
set interface vlan1 ip manageable
unset interface ethernet1 ip manageable
set interface ethernet2 ip manageable
set interface ethernet3 ip manageable
set hostname ns25
set address "Trust" "192.168.2.0" 192.168.2.0 255.255.255.0
"Created by vpn wizard"
set address "Untrust" "192.168.1.0" 192.168.1.0 255.255.255.0
"Created by vpn wizard"
set snmp name "ns25"
set ike gateway "Gateway for 192.168.1.0" address 100.100.100.1 Main
outgoing-interface "ethernet3" preshare "secret-key" sec-level standard
set ike gateway "Gateway for 192.168.1.0" nat-traversal
set ike gateway "Gateway for 192.168.1.0" nat-traversal udp-checksum
set ike gateway "Gateway for 192.168.1.0" nat-traversal keepalive-frequency 5
set ike policy-checking
set ike respond-bad-spi 1
set vpn "Tunnel for 192.168.1.0" id 1 gateway "Gateway for 192.168.1.0"
no-replay tunnel idletime 0 sec-level standard
set ike id-mode subnet
set xauth lifetime 480
set xauth default auth server Local
set policy id 2 from "Trust" to "Untrust" "192.168.2.0" "192.168.1.0" "ANY"
Tunnel vpn "Tunnel for 192.168.1.0" id 2 pair-policy 1
set policy id 1 from "Untrust" to "Trust" "192.168.1.0" "192.168.2.0" "ANY"
Tunnel vpn "Tunnel for 192.168.1.0" id 2 pair-policy 2
set policy id 0 name "Created by policy wizard" from "Trust" to "Untrust" "Any"
"Any" "ANY" Permit
unset global-pro policy-manager primary outgoing-interface
unset global-pro policy-manager secondary outgoing-interface
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface ethernet3 gateway 200.200.200.2
exit