

 
Page 45 | AlliedWare™ OS How To Note: VPNs for Corporate Networks
Branch office 1
# Log configuration
# If desired, forward router log entries to a UNIX-style syslog
# server.
# NOTE(review): replace the placeholder with the real server address
# before loading this script. Syslog forwarding is presumably
# unauthenticated and unencrypted on this OS, so the destination should
# live on a trusted management network; otherwise VPN negotiation
# details in the log can be read or spoofed in transit.
create log output=2 destination=syslog
server=<your-local-syslog-server-address> syslogformat=extended
# Only entries matching filter 1 (severity filter "sev=>3") are sent to
# output 2 — lower-severity chatter stays local.
add log out=2 filter=1 sev=>3
# IPSEC configuration
# Create an SA specification for the site-to-site VPN. This SA
# specification uses tunnel mode by default.
# NOTE(review): 3DES with "sha" (presumably HMAC-SHA-1) is a legacy
# suite; it is kept here as the document gives it. Confirm whether the
# headquarters peer supports a stronger suite before deploying.
create ipsec sas=1 key=isakmp prot=esp enc=3desouter hasha=sha
# Create a group of SA specifications for the roaming VPN clients.
# These SA specifications use IPsec transport mode.
# NOTE(review): sas=4 and sas=5 offer single DES, and sas=3/sas=5 offer
# MD5; both are deprecated for IPsec. They appear to exist only for
# compatibility with older roaming clients — treat them as a temporary
# allowance and remove them once every client negotiates sas=2.
create ipsec sas=2 key=isakmp prot=esp enc=3desouter hasha=sha
mod=transport
create ipsec sas=3 key=isakmp prot=esp enc=3desouter hasha=md5
mod=transport
create ipsec sas=4 key=isakmp prot=esp enc=des hasha=sha
mod=transport
create ipsec sas=5 key=isakmp prot=esp enc=des hasha=md5
mod=transport
# Bundle 1 is the single site-to-site suite; bundle 2 lets a roaming
# client pick any of 2, 3, 4 or 5. Because the weakest suite in the
# bundle is acceptable to the router, a client (or an on-path party
# tampering with proposals) can land on DES/MD5 as long as sas=4/5 stay
# listed — keep the bundle as small as client support allows.
create ipsec bund=1 key=isakmp string="1"
create ipsec bund=2 key=isakmp string="2 or 3 or 4 or 5"
# Create IPsec policies to bypass IPsec for ISAKMP messages and the
# "port floated" key exchange that NAT-T uses.
# IPsec policies are presumably matched in the order they are created,
# so these permit entries must stay ahead of the protecting policies
# below (TODO confirm ordering against the AlliedWare reference).
# NOTE(review): unlike the roaming policy below, no "tra=UDP" qualifier
# is given here; confirm that the port match is limited to UDP so these
# bypass entries do not admit other traffic on ports 500/4500.
create ipsec pol=isakmp int=ppp0 ac=permit
set ipsec pol=isakmp lp=500 rp=500
create ipsec pol=isakmp_float int=ppp0 ac=permit
# Only the local port is fixed here (no rp=); presumably intentional, as
# a NAT device may rewrite the remote port — verify against the peer.
set ipsec pol=isakmp_float lp=4500
# Create an IPsec policy for branch 1 to headquarters VPN traffic.
# Traffic between the branch LAN 192.168.141.0/24 and the headquarters
# range 192.168.0.0/16 is protected with bundle 1 and negotiated with
# the fixed peer 200.200.200.1 via the "hq" ISAKMP policy (defined
# elsewhere, not on this page).
create ipsec pol=hq int=ppp0 ac=ipsec key=isakmp bund=1
peer=200.200.200.1 isa=hq
set ipsec pol=hq lad=192.168.141.0 lma=255.255.255.0 rad=192.168.0.0
rma=255.255.0.0
# Create another IPsec policy for roaming VPN clients. This policy
# uses the L2TP port to identify traffic.
# "peer=any" means any Internet address may start a negotiation for
# this policy; the only thing standing between an arbitrary host and an
# L2TP session is the authentication configured in the "roaming"
# ISAKMP policy (not shown here), so that policy must not be weakened.
create ipsec pol=roaming int=ppp0 ac=ipsec key=isakmp bund=2 peer=any
isa=roaming
# Match L2TP (UDP/1701) only, so unrelated UDP traffic is not pulled
# into the transport-mode SA.
set ipsec pol=roaming lp=1701 tra=UDP
# Create another IPsec policy to allow for direct Internet access
# such as web browsing.
# This is a catch-all permit: anything the policies above did not match
# leaves ppp0 in the clear. It must remain the last policy; if it were
# created before "hq" or "roaming" it would presumably shadow them and
# VPN traffic would silently go unprotected.
create ipsec pol=internet int=ppp0 ac=permit
# Nothing above takes effect until IPsec is enabled.
enable ipsec