Allied Telesis AR440S Network Card User Manual


 
Headquarters
Page 15 | AlliedWare™ OS How To Note: VPNs for Corporate Networks
The rule for the private interface uses both source and destination addresses to identify
outgoing VPN traffic.
add firewall policy=hq ru=5 ac=non int=vlan1 prot=all ip=192.168.140.1-192.168.140.254 rem=192.168.141.0-192.168.144.254
If you configured SSH (recommended), create a rule to allow SSH traffic to pass through the
firewall.
add firewall policy=hq ru=6 ac=allo int=eth0 prot=tcp po=22 ip=200.200.200.1 gblip=200.200.200.1 gblp=22
If you instead stayed with telnet (not recommended) and configured RSOs, create a rule to
allow telnet traffic to pass through the firewall.
add firewall policy=hq ru=7 ac=allo int=eth0 prot=tcp po=23 ip=200.200.200.1 gblip=200.200.200.1 gblp=23
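The access rules can be checked before the configuration is saved. The following is an added example, not part of the Allied Telesis note: it parses add firewall policy= commands written in the form shown in this section, tolerating a command wrapped over two lines, and reports any rule that allows telnet on the public interface. The function names, the sample text and the choice of eth0 as the public interface are assumptions of the example.

```python
import re

# Constructed sample: the three rules from this section. ru=5 is left wrapped
# over two lines to exercise the continuation handling.
SAMPLE = """\
add firewall policy=hq ru=5 ac=non int=vlan1 prot=all
ip=192.168.140.1-192.168.140.254 rem=192.168.141.0-192.168.144.254
add firewall policy=hq ru=6 ac=allo int=eth0 prot=tcp po=22 ip=200.200.200.1 gblip=200.200.200.1 gblp=22
add firewall policy=hq ru=7 ac=allo int=eth0 prot=tcp po=23 ip=200.200.200.1 gblip=200.200.200.1 gblp=23
"""


def parse_rules(text):
    """Return a dict of parameters for each 'add firewall policy=' command."""
    commands = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A line starting with key=value is the wrapped tail of the previous command.
        if re.match(r"\w+=", line) and commands:
            commands[-1] += " " + line
        else:
            commands.append(line)
    # Assumption: commands are spelled as on this page, not abbreviated further.
    return [dict(re.findall(r"(\w+)=(\S+)", c.lower()))
            for c in commands if c.lower().startswith("add firewall policy=")]


def audit(text, public_int="eth0"):
    """Flag allow rules that expose telnet (TCP 23) on the public interface."""
    rules = parse_rules(text)

    def allowed(port):
        return [r for r in rules
                if r.get("ac", "").startswith("allo") and r.get("int") == public_int
                and r.get("prot") == "tcp" and port in (r.get("po"), r.get("gblp"))]

    ssh = allowed("22")
    findings = []
    for r in allowed("23"):
        msg = f"policy={r.get('policy')} ru={r.get('ru')}: telnet allowed on {public_int}"
        if ssh:
            msg += f"; SSH rule ru={ssh[0].get('ru')} exists, so this rule can be removed"
        findings.append(msg)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```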
10. Save your configuration
It is important to save your configuration when you finish, to preserve the configuration over
any power cuts.
create conf=<your-file.cfg>
This is particularly important in security configurations because it preserves the security
officer definition. Without this, regaining configuration access would destroy encryption
information such as keys.
Once you have saved the configuration to a file, specify that file as the configuration script to
use when the router boots up.
set config=<your-file.cfg>
Note: If you forget your secoff user password, log in as manager. The manager user cannot
edit a router in system security mode, so enter the command disable system security. This
destroys your encryption keys. Edit your configuration file to redefine your secoff user
password, then reboot, then log in as secoff, then enable system security again, then recreate
the keys.