

 
branch office 1
# allows incoming roaming VPN client connections. The clients can
# only target a known, unchanging address.
# --- WAN link ---------------------------------------------------------------
# PPP over the ATM PVC atm0.1 towards the head office.  echo=10 presumably
# enables LCP echo-request monitoring of the link (confirm the interval units
# in the command reference); idle=off keeps the link up permanently, which is
# needed because roaming VPN clients dial in to this site.
create ppp=0 over=atm0.1 echo=10 lqr=off bap=off idle=off
# NOTE(review): the PPP username/password are stored here in cleartext and the
# example secret ("branch1") is trivially guessable.  Use a strong, unique
# secret in production and protect this configuration file accordingly; the
# pair presumably has to match what the far end expects for this branch -
# confirm against the head-office configuration.  iprequest=off because the
# PPP address is assigned statically below rather than negotiated.
set ppp=0 username="branch office 1" password=branch1 iprequest=off
# Note that this interface needs a permanent IP address because the
# branch office allows incoming roaming VPN client connections. The
# clients can only target a known, unchanging address.
# IP configuration
enable ip
# LAN-side address of the router; the same address is handed to DHCP clients
# as their default router below.
add ip int=vlan1 ip=192.168.141.254
# Statically define the PPP interface address.
# NOTE(review): 222.222.222.1 is a publicly routable address used only as an
# example - substitute the static address the ISP actually assigned.
add ip int=ppp0 ip=222.222.222.1
# Default route out of the WAN link.  next=0.0.0.0 presumably means "no
# gateway address, send directly over the point-to-point interface" - verify
# in the command reference.
add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0
# Create an IP pool to allocate unique internal payload addresses to
# incoming VPN clients.  The pool (192.168.143.1-.50) is on a different
# subnet from the LAN (192.168.141.0/24), so traffic from VPN clients can be
# told apart from local hosts in routes and filters.
create ip pool=roaming ip=192.168.143.1-192.168.143.50
# DHCP configuration
# If desired, use the router as a DHCP server.  lease=7200 (presumably
# seconds); the range ip=192.168.141.16 num=32 covers .16-.47, leaving the
# rest of the subnet for static hosts and the router's own .254.
create dhcp poli=branch1 lease=7200
add dhcp poli=branch1 rou=192.168.141.254
add dhcp poli=branch1 subn=255.255.255.0
create dhcp range=branch1_hosts poli=branch1 ip=192.168.141.16 num=32
ena dhcp
# SSH configuration
# You should not telnet to a secure gateway, so set up Secure Shell
# for remote management. This requires encryption keys - see
# "Before you start" on page 7.
# Enable the SSH server.  Key IDs 2 (hostkey) and 3 (serverkey) must already
# exist from the "Before you start" steps or this command fails.
# NOTE(review): a separate "serverkey" is presumably the ephemeral key used
# only by SSH protocol version 1, which is cryptographically weak; if this
# release allows the server to be restricted to SSHv2, do so and verify with
# a client that protocol 1 is refused.
enable ssh server serverkey=3 hostkey=2
# Enable the user who connects via SSH to log in as secoff, by adding
# the secoff user as an SSH user. If desired, also restrict access so
# that it is only permitted from particular addresses.
# NOTE(review): the ipaddress/mask restriction is the only control on this
# page that limits who can reach the management plane over the WAN; keep it
# in place (and use a password distinct from the PPP one) unless a firewall
# rule elsewhere in the configuration, not shown here, restricts inbound SSH.
add ssh user=secoff password=<secoff-password>
ipaddress=<trusted-remote-ip-address>
mask=<desired-subnet-mask-of-trusted-hosts>
# Telnet carries passwords and session contents in cleartext, so turn it off.
disable telnet server
# As the commands above show, we strongly recommend SSH instead of
# telnet. However, if you choose to use telnet, create RSO users
# (remote security officers) and define the IP addresses that these
# users may connect from.
# NOTE(review): a source-address restriction only limits where login attempts
# may come from; it does not protect the credentials or the session on the
# wire, so it is a much weaker control than SSH and is not a substitute.
# add user rso ip=<ipadd>[-<ipadd>]
# enable user rso
# enable telnet server