Allied Telesis AR440S Network Card User Manual


  Open as PDF
of 53
 
Headquarters
Page 10 | AlliedWare™ OS How To Note: VPNs for Corporate Networks
remote security officers (RSOs). RSO definitions specify trusted remote addresses for
security officer users.
add user rso ip=<ipadd>[-<ipadd>]
enable user rso
enable telnet server
If desired, set the router to send log messages to a syslog server.
create log output=2 destination=syslog server=<syslog-server-address>
syslogformat=extended
add log out=2 filter=1 sev=>3
If desired, you can configure SNMP to inform you or your service provider of network
events, such as the LAN interface of the router going down. We recommend SNMPv3 for
security reasons. For details, see How To Configure SNMPv3 On Allied Telesis Routers and
Managed Layer 3 Switches. This How To Note is available from www.alliedtelesis.com/
resources/literature/howto.aspx.
You need to configure dynamic PPP over L2TP to accept incoming Windows VPN client
connections.
Create an IP pool to allocate unique internal payload addresses to incoming VPN clients.
create ip pool=roaming ip=192.168.143.1-192.168.143.50
Define a PPP template. This defines authentication and uses the IP pool of addresses.
create ppp template=1
set ppp template=1 bap=off ippool=roaming authentication=chap echo=10
lqr=off
Configure L2TP. When the router successfully negotiates an L2TP tunnel connection from
any remote peer, it then creates a PPP interface over that tunnel, using the PPP parameters
defined by the PPP template. If you intend to prioritise voice traffic (see page 30), also turn
on TOS (type of service) reflection, so that DSCP marked VoIP packets can be classified for
prioritisation at the PPP level.
enable l2tp
enable l2tp server=both
add l2tp ip=1.1.1.1-255.255.255.254 ppptemplate=1 tos=on
Add your approved roaming VPN client usernames.
add user=roaming1 pass=roaming1 lo=no telnet=no
add user=roaming2 pass=roaming2 lo=no telnet=no
If desired, you can instead use a RADIUS authentication server.
add radius server=<radius-server-address> secret=<secret-key>
4. Capture status information remotely, if desired
5. Configure dynamic PPP over L2TP connections
 previous next