Allied Telesis AR440S Network Card User Manual


 
branch office 2
# DHCP configuration
# If desired, use the router as a DHCP server.
# Policy "branch2": lease=7200 (presumably seconds - confirm in the
# command reference), default router 192.168.142.254, mask /24.
create dhcp poli=branch2 lease=7200
add dhcp poli=branch2 rou=192.168.142.254
add dhcp poli=branch2 subn=255.255.255.0
# Pool "branch2_hosts": 32 addresses starting at 192.168.142.16, handed
# out under the branch2 policy.
create dhcp range=branch2_hosts poli=branch2 ip=192.168.142.16 num=32
# NOTE(review): nothing here scopes the DHCP service to the LAN side;
# confirm the platform does not also answer requests that arrive on the
# WAN interface (ppp0) before enabling it.
ena dhcp
# SSH configuration
# You should not telnet to a secure gateway, so set up Secure Shell
# for remote management. This requires encryption keys - see
# "Before you start" on page 7.
# Enable the SSH server.
# serverkey=2 / hostkey=3 presumably refer to the IDs of keys created in
# "Before you start", not to key lengths - confirm the IDs match what
# was generated on this router.
enable ssh server serverkey=2 hostkey=3
# Enable the user who connects via SSH to log in as secoff, by adding
# the secoff user as an SSH user. If desired, also restrict access so
# that it is only permitted from particular addresses.
# The <...> items are placeholders. The command below is a single line
# that has been wrapped for printing. Keep the ipaddress/mask pair: it
# confines secoff SSH logins to the trusted management hosts.
# NOTE(review): the secoff password is embedded in this script, so
# protect the script file as you would the router's saved configuration.
add ssh user=secoff password=<secoff-password>
ipaddress=<trusted-remote-ip-address>
mask=<desired-subnet-mask-of-trusted-hosts>
# Telnet carries credentials in cleartext; with SSH working, turn the
# telnet server off.
disable telnet server
# As the commands above show, we strongly recommend SSH instead of
# telnet. However, if you choose to use telnet, create RSO users
# (remote security officers) and define the IP addresses that these
# users may connect from.
# add user rso ip=<ipadd>[-<ipadd>]
# enable user rso
# enable telnet server
# Log configuration
# If desired, forward router log entries to a UNIX-style syslog
# server.
# Log output 2 sends entries to the syslog server in extended format
# (one command, wrapped for printing).
# NOTE(review): classic syslog forwarding is neither encrypted nor
# authenticated; keep the path to the server on a trusted network or
# inside the VPN, and confirm what transport this platform offers.
create log output=2 destination=syslog
server=<your-local-syslog-server-address> syslogformat=extended
# Filter 1 on output 2: sev=>3 forwards entries whose severity is
# greater than 3 - presumably "more severe" on this platform; confirm
# the severity scale in the command reference so that events you want
# to see (e.g. failed logins) are not filtered out.
add log out=2 filter=1 sev=>3
# IPSEC configuration
# Create an SA specification for the site-to-site VPN. This SA
# specification uses tunnel mode by default.
# SA spec 1: ESP with 3DES encryption and SHA authentication, keys
# negotiated by ISAKMP.
# NOTE(review): 3DES is a legacy 64-bit-block cipher; if this software
# release offers an AES option for enc=, prefer it - check the command
# reference rather than assuming the keyword.
create ipsec sas=1 key=isakmp prot=esp enc=3desouter hasha=sha
# Bundle 1 groups SA specifications; string="1" presumably lists the SA
# spec ID(s) it applies - confirm against the command reference.
create ipsec bund=1 key=isakmp string="1"
# Create an IPsec policy to bypass IPsec for ISAKMP messages.
# Policy "isakmp" on ppp0 permits (does not encrypt) traffic with local
# and remote port 500 so that IKE negotiation itself can get through.
# Keep this bypass policy narrow; the IPsec section continues on the
# following page with the tunnel policy.
create ipsec pol=isakmp int=ppp0 ac=permit
set ipsec pol=isakmp lp=500 rp=500