Allied Telesis AR440S Network Card User Manual


 
Headquarters
Page 9 | AlliedWare™ OS How To Note: VPNs for Corporate Networks
2. Configure IP for internet access
Give a fixed public address to the interface eth0, which is the Internet connection interface.
You can replace eth0 with ppp0 if you use a leased line.
enable ip
add ip int=eth0 ip=200.200.200.1
Give a fixed private address to the interface vlan1, which connects the router to the
headquarters LAN.
add ip int=vlan1 ip=192.168.140.254
Set the default route. The next hop is the gateway address provided by the ISP.
add ip rou=0.0.0.0 mask=0.0.0.0 int=eth0 next=200.200.200.254
If desired, set up the router as a DHCP server for the headquarters LAN.
create dhcp policy=hq lease=7200
add dhcp policy=hq rou=192.168.140.254
add dhcp policy=hq subn=255.255.255.0
create dhcp range=hq_hosts policy=hq ip=192.168.140.16 num=32
ena dhcp

3. Configure remote management access, if desired
If you need remote management access, we strongly recommend that you use Secure Shell
(SSH). You should not telnet to a secure gateway.
To configure SSH, define appropriate RSA encryption keys, then enable the SSH server.
create enco key=2 type=rsa length=1024 description="host key" format=ssh
create enco key=3 type=rsa length=768 description="server key" format=ssh
enable ssh server serverkey=3 hostkey=2
Enable the user who connects via SSH to log in as secoff, by adding the secoff user as an SSH
user. Also, you may choose to restrict access so that it is only permitted from particular
addresses.
add ssh user=secoff password=<secoff-password> ipaddress=<trusted-remote-ip-address> mask=<subnet-mask-of-trusted-hosts>
disable telnet server
Secure Shell is a more secure, encrypted method of remote management access than telnet.
If you need to use telnet, even though it is insecure, you should restrict access by defining
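
An added example, not part of the Allied Telesis note: a Python check that reads the remote-management commands of step 3 from a saved configuration and reports telnet left enabled, SSH users without an address restriction, and RSA keys below a baseline. The function names, the sample addresses and the 2048-bit baseline are assumptions, and commands are matched only in the unabbreviated spelling shown on this page.

```python
import re

# Constructed sample input: the remote-management commands from this page with
# the <...> address placeholders filled in from a documentation range.
SAMPLE_CONFIG = """\
create enco key=2 type=rsa length=1024 description="host key" format=ssh
create enco key=3 type=rsa length=768 description="server key" format=ssh
enable ssh server serverkey=3 hostkey=2
add ssh user=secoff password=<secoff-password> ipaddress=198.51.100.10 mask=255.255.255.255
disable telnet server
"""

MIN_RSA_BITS = 2048  # assumption: the auditor's own baseline, not from the manual

def params(line):
    """Parse the key=value parameters of one command line into a dict."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    return {k.lower(): v.strip('"') for k, v in pairs}

def audit(config):
    """Return a list of findings for the remote-management part of a config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings, key_bits, ssh_keys, telnet_off = [], {}, None, False
    for line in lines:
        low, p = line.lower(), params(line)
        if low.startswith("create enco") and p.get("type", "").lower() == "rsa":
            key_bits[p.get("key")] = int(p.get("length", 0))
        elif low.startswith("enable ssh server"):
            ssh_keys = {"host": p.get("hostkey"), "server": p.get("serverkey")}
        elif low.startswith("add ssh user") and "ipaddress" not in p:
            findings.append(f"ssh user {p.get('user')}: no source address restriction")
        elif low.startswith("disable telnet server"):
            telnet_off = True
    if not telnet_off:
        findings.append("telnet server is not disabled")
    if ssh_keys is None:
        findings.append("ssh server is not enabled")
    else:
        # Resolve the key ids named on the "enable ssh server" line to their lengths.
        for role, key_id in ssh_keys.items():
            bits = key_bits.get(key_id)
            if bits is None:
                findings.append(f"ssh {role} key {key_id}: not defined in config")
            elif bits < MIN_RSA_BITS:
                findings.append(f"ssh {role} key {key_id}: {bits}-bit RSA < {MIN_RSA_BITS}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
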