
Branch office 2 – Allied Telesis AlliedWare AR440S User Manual


Page 26 | AlliedWare™ OS How To Note: VPNs for Corporate Networks

branch office 2

If desired, set up the router as a DHCP server for the branch office 2 LAN.

create dhcp policy=branch2 lease=7200

add dhcp policy=branch2 rou=192.168.142.254

add dhcp policy=branch2 subn=255.255.255.0

create dhcp range=branch2_hosts poli=branch2 ip=192.168.142.16 num=32

ena dhcp

If you need remote management access, we strongly recommend that you use Secure Shell
(SSH). You should not telnet to a secure gateway.

To configure SSH, define appropriate RSA encryption keys, then enable the SSH server.

create enco key=2 type=rsa length=1024 description="host key" format=ssh

create enco key=3 type=rsa length=768 description="server key" format=ssh

enable ssh server serverkey=3 hostkey=2

Enable the user who connects via SSH to log in as secoff, by adding the secoff user as an SSH
user. Also, you may choose to restrict access so that it is only permitted from particular
addresses.

add ssh user=secoff password=<secoff-password> ipaddress=<trusted-remote-ip-address> mask=<subnet-mask-of-trusted-hosts>

disable telnet server

Secure Shell is a more secure, encrypted method of remote management access than telnet.
If you need to use telnet, even though it is insecure, you should restrict access by defining
remote security officers (RSOs). RSO definitions specify trusted remote addresses for
security officer users.

add user rso ip=<ipadd>[-<ipadd>]

enable user rso

enable telnet server
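
A configuration check for the remote management commands above, added here as an example (it is not from Allied Telesis or the How To Note). It reads saved command lines and reports RSA keys under a length floor, SSH users with no ipaddress restriction, and a telnet server left enabled. The 2048-bit floor, the function names and the sample lines are assumptions made for this example; only verbs may be abbreviated, other keywords must be written as on this page.

```python
import shlex

VERBS = ("enable", "disable", "create", "add")

def parse(line):
    """Split a command line into (keywords, {param: value})."""
    words, params = [], {}
    for tok in shlex.split(line):          # keeps description="host key" together
        if "=" in tok:
            key, value = tok.split("=", 1)
            params[key.lower()] = value
        else:
            words.append(tok.lower())
    return words, params

def audit(config_text, min_rsa_bits=2048):  # 2048 is an assumed policy floor
    findings, telnet_on, rso_on = [], False, False
    for line in config_text.splitlines():
        words, p = parse(line)
        if not words:
            continue
        # The page abbreviates verbs ("ena dhcp"), so accept verb prefixes.
        verb = next((v for v in VERBS if v.startswith(words[0])), words[0])
        rest = words[1:]
        if verb == "create" and rest[:1] == ["enco"] and p.get("type") == "rsa":
            bits = int(p.get("length", 0))
            if bits < min_rsa_bits:
                findings.append(f"key {p.get('key')}: RSA {bits} bits, below {min_rsa_bits}")
        elif verb == "add" and rest[:1] == ["ssh"] and "ipaddress" not in p:
            findings.append(f"ssh user {p.get('user')}: not restricted to trusted addresses")
        elif rest[:2] == ["telnet", "server"]:
            telnet_on = verb == "enable"    # last enable/disable wins
        elif verb == "enable" and rest[:2] == ["user", "rso"]:
            rso_on = True
    if telnet_on:
        findings.append("telnet server enabled" + ("" if rso_on else ", no RSO restriction"))
    return findings

# Constructed sample: the page's SSH commands with wrapped lines rejoined,
# a made-up password, and the ipaddress/mask restriction left off.
SAMPLE_SSH = '''create enco key=2 type=rsa length=1024 description="host key" format=ssh
create enco key=3 type=rsa length=768 description="server key" format=ssh
enable ssh server serverkey=3 hostkey=2
add ssh user=secoff password=constructed-example
disable telnet server'''

# Constructed sample: telnet turned back on without enabling RSOs.
SAMPLE_TELNET = '''disable telnet server
ena telnet server'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSH) + audit(SAMPLE_TELNET):
        print(finding)
```
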

If desired, set the router to send log messages to a syslog server.

create log output=2 destination=syslog server=<syslog-server-address> syslogformat=extended

add log out=2 filter=1 sev=>3

If desired, you can configure SNMP to inform you or your service provider of network
events, such as the LAN interface of the router going down. We recommend SNMPv3 for
security reasons. For details, see How To Configure SNMPv3 On Allied Telesis Routers and
Managed Layer 3 Switches. This How To Note is available from
www.alliedtelesis.com/resources/literature/howto.aspx.

5. Configure remote management access, if desired

6. Capture status information remotely, if desired