



Headquarters

Page 39 | AlliedWare™ OS How To Note: VPNs for Corporate Networks

#

DHCP configuration

#

If desired, use the router as a DHCP server.

create dhcp poli=hq lease=7200

add dhcp poli=hq rou=192.168.140.254

add dhcp poli=hq subn=255.255.255.0

create dhcp range=hq_hosts poli=hq ip=192.168.140.16 num=32

ena dhcp

#

SSH configuration

#

You should not use telnet to manage a secure gateway, because telnet carries logins and commands in clear text; instead, set up Secure Shell

#

for remote management. This requires encryption keys - see

#

"Before you start" on page 7.

#

Enable the SSH server.

enable ssh server serverkey=3 hostkey=2

#

Enable the user who connects via SSH to log in as secoff, by adding

#

the secoff user as an SSH user. If desired, also restrict access so

#

that it is only permitted from particular trusted addresses; this limits which hosts can even attempt an SSH login to the gateway.

add ssh user=secoff password=<secoff-password>

ipaddress=<trusted-remote-ip-address>

mask=<desired-subnet-mask-of-trusted-hosts>

disable telnet server

#

As the commands above show, we strongly recommend SSH instead of

#

telnet. However, if you choose to use telnet, create RSO users

#

(remote security officers) and define the IP addresses that these

#

users may connect from.

#

add user rso ip=<ipadd>[-<ipadd>]

#

enable user rso

#

enable telnet server

#

Log configuration

#

If desired, forward router log entries to a UNIX-style syslog

#

server. Note that standard syslog is sent unencrypted, so the syslog server should be reachable only over the trusted internal network.

create log output=2 destination=syslog

server=<your-local-syslog-server-address> syslogformat=extended

add log out=2 filter=1 sev=>3

#

IPSEC configuration

#

Create an SA specification for the site-to-site VPN. This SA

#

specification uses tunnel mode by default. The example below uses 3DES encryption and the SHA hash, which current guidance treats as legacy algorithms; prefer a stronger cipher and hash if your platform and the remote peer support them.

create ipsec sas=1 key=isakmp prot=esp enc=3desouter hasha=sha