Allied Telesis AR440S Network Card User Manual


 
Headquarters
Page 39 | AlliedWare™ OS How To Note: VPNs for Corporate Networks
# DHCP configuration
# If desired, use the router as a DHCP server.
# Policy "hq" holds the settings handed to clients. lease=7200 is the
# lease time (presumably in seconds - confirm in the command reference).
create dhcp poli=hq lease=7200
# Default gateway given to clients.
add dhcp poli=hq rou=192.168.140.254
# Subnet mask given to clients.
add dhcp poli=hq subn=255.255.255.0
# Address pool: 32 addresses starting at 192.168.140.16. Keep statically
# addressed hosts (such as the gateway above) outside this range.
create dhcp range=hq_hosts poli=hq ip=192.168.140.16 num=32
ena dhcp
# SSH configuration
# You should not telnet to a secure gateway, because telnet carries the
# login and the whole management session unencrypted. Set up Secure
# Shell for remote management instead. This requires encryption keys -
# see "Before you start" on page 7.
# Enable the SSH server. serverkey and hostkey are key IDs; they must
# match keys that already exist on the router (presumably the ones
# created in "Before you start" - confirm the IDs before applying).
enable ssh server serverkey=3 hostkey=2
# Enable the user who connects via SSH to log in as secoff, by adding
# the secoff user as an SSH user. If desired, also restrict access so
# that it is only permitted from particular addresses.
# The next three lines are one command, wrapped here for page width.
# Replace the placeholders: use a strong password that is not reused
# elsewhere, and keep the ipaddress/mask pair as narrow as the
# management hosts allow.
add ssh user=secoff password=<secoff-password>
ipaddress=<trusted-remote-ip-address>
mask=<desired-subnet-mask-of-trusted-hosts>
# Turn telnet off so that SSH is the only remote management path.
disable telnet server
# As the commands above show, we strongly recommend SSH instead of
# telnet. However, if you choose to use telnet, create RSO users
# (remote security officers) and define the IP addresses that these
# users may connect from. The address restriction is then the main
# control, because the telnet session itself is not encrypted.
# add user rso ip=<ipadd>[-<ipadd>]
# enable user rso
# enable telnet server
# Log configuration
# If desired, forward router log entries to a UNIX-style syslog
# server. Syslog is normally sent unencrypted, so keep the server on
# the trusted local network rather than across an untrusted link.
# The next two lines are one command, wrapped here for page width.
create log output=2 destination=syslog
server=<your-local-syslog-server-address> syslogformat=extended
# Attach filter 1 to output 2: forward entries whose severity is
# greater than 3. Check the severity scale in the command reference to
# confirm that login failures and other security events pass this
# threshold.
add log out=2 filter=1 sev=>3
# IPSEC configuration
# Create an SA specification for the site-to-site VPN. This SA
# specification uses tunnel mode by default.
# key=isakmp: session keys are negotiated by ISAKMP rather than set by
# hand. prot=esp: traffic is protected with ESP.
# enc=3desouter / hasha=sha: Triple DES encryption with a SHA hash
# (presumably SHA-1 - confirm in the command reference). 3DES is a
# legacy 64-bit-block cipher; where both the router and the remote peer
# support an AES option, prefer it. Whatever is chosen must match the
# SA specification on the peer, or negotiation will fail.
create ipsec sas=1 key=isakmp prot=esp enc=3desouter hasha=sha