Allied Telesis AR440S Network Card User Manual


 
Page 26 | AlliedWare™ OS How To Note: VPNs for Corporate Networks
branch office 2
If desired, set up the router as a DHCP server for the branch office 2 LAN.
create dhcp policy=branch2 lease=7200
add dhcp policy=branch2 rou=192.168.142.254
add dhcp policy=branch2 subn=255.255.255.0
create dhcp range=branch2_hosts poli=branch2 ip=192.168.142.16 num=32
ena dhcp
If you need remote management access, we strongly recommend that you use Secure Shell
(SSH). You should not telnet to a secure gateway.
To configure SSH, define appropriate RSA encryption keys, then enable the SSH server.
create enco key=2 type=rsa length=1024 description="host key" format=ssh
create enco key=3 type=rsa length=768 description="server key" format=ssh
enable ssh server serverkey=3 hostkey=2
Enable the user who connects via SSH to log in as secoff, by adding the secoff user as an SSH
user. Also, you may choose to restrict access so that it is only permitted from particular
addresses.
add ssh user=secoff password=<secoff-password> ipaddress=<trusted-remote-ip-address> mask=<subnet-mask-of-trusted-hosts>
disable telnet server
Secure Shell is a more secure, encrypted method of remote management access than telnet.
If you need to use telnet, even though it is insecure, you should restrict access by defining
remote security officers (RSOs). RSO definitions specify trusted remote addresses for
security officer users.
add user rso ip=<ipadd>[-<ipadd>]
enable user rso
enable telnet server
If desired, set the router to send log messages to a syslog server.
create log output=2 destination=syslog server=<syslog-server-address> syslogformat=extended
add log out=2 filter=1 sev=>3
If desired, you can configure SNMP to inform you or your service provider of network
events, such as the LAN interface of the router going down. We recommend SNMPv3 for
security reasons. For details, see How To Configure SNMPv3 On Allied Telesis Routers and
Managed Layer 3 Switches. This How To Note is available from
www.alliedtelesis.com/resources/literature/howto.aspx.
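An added example, not part of the original How To Note and not Allied Telesis code: a Python check that reads a saved router configuration and reports where it departs from the remote management and logging steps above. It assumes one command per line, that the telnet server runs unless the configuration disables it, and that keywords may be abbreviated as in "ena dhcp"; the function names, password and addresses are constructed for the example.

```python
import shlex

def parse(config):
    """Yield (command words, key=value parameters) per config line, lowercased."""
    for line in config.splitlines():
        tokens = shlex.split(line.lower())   # description="host key" stays one token
        words = [t for t in tokens if "=" not in t]
        if words:
            yield words, dict(t.split("=", 1) for t in tokens if "=" in t)

def is_cmd(words, *full):
    """True if the typed words abbreviate the keywords, e.g. 'ena' for 'enable'."""
    return len(words) == len(full) and all(f.startswith(w) for w, f in zip(words, full))

def get(params, full):
    """Parameter value by full or abbreviated name, e.g. 'ip' for 'ipaddress'."""
    return next((v for k, v in params.items() if k and full.startswith(k)), None)

def audit(config):
    """Return findings for the remote-management and logging steps."""
    telnet = True   # assumption: telnet server runs unless the config disables it
    ssh = rso_ip = rso_on = syslog = False
    findings = []
    for words, p in parse(config):
        if is_cmd(words, "enable", "ssh", "server"):
            ssh = True
        elif is_cmd(words, "enable", "telnet", "server"):
            telnet = True
        elif is_cmd(words, "disable", "telnet", "server"):
            telnet = False
        elif is_cmd(words, "add", "user", "rso"):
            rso_ip = get(p, "ip") is not None   # RSO needs trusted addresses
        elif is_cmd(words, "enable", "user", "rso"):
            rso_on = True
        elif is_cmd(words, "add", "ssh") and get(p, "user") and not get(p, "ipaddress"):
            findings.append("ssh user %s has no ipaddress restriction" % get(p, "user"))
        elif is_cmd(words, "create", "log") and get(p, "destination") == "syslog":
            syslog = True
    checks = [(not ssh, "ssh server not enabled"),
              (telnet and not (rso_ip and rso_on), "telnet server enabled without RSO restriction"),
              (not syslog, "no syslog log output")]
    return findings + [msg for failed, msg in checks if failed]

# Constructed sample configs; addresses are from the documentation range 192.0.2.0/24.
HARDENED = """enable ssh server serverkey=3 hostkey=2
add ssh user=secoff password=example ipaddress=192.0.2.10 mask=255.255.255.255
disable telnet server
create log output=2 destination=syslog server=192.0.2.20 syslogformat=extended"""
WEAK = "ena ssh server serverkey=3 hostkey=2\nadd ssh user=secoff password=example"
```

Calling audit(HARDENED) returns an empty list, while audit(WEAK) reports the unrestricted SSH user, the telnet server left running without RSO restriction, and the missing syslog output.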
5. Configure remote management access, if desired
6. Capture status information remotely, if desired