Headquar ters – Allied Telesis AlliedWare AR440S User Manual

Headquar

ters

Page 42 | AlliedWare™ OS How To Note: VPNs for Corporate Networks

#

If you configured SSH, create a rule for SSH traffic.

add firewall policy=hq ru=6 ac=allo int=eth0 prot=tcp po=22

ip=200.200.200.1 gblip=200.200.200.1 gblp=22

#

If you use telnet instead (not recommended), create a rule for it.

#

add firewall policy=hq ru=7 ac=allo int=eth0 prot=tcp po=23

#

ip=200.200.200.1 gblip=200.200.200.1 gblp=23

#

INT configuration - if prioritising VoIP

set int=eth0 mtu=256

set int=eth0 frag=yes

#

CLASSIFIER configuration - if prioritising VoIP

#

Create a classifier to identify voice traffic (DSCP value 48 in

#

this example).

create class=48 ipds=48

#

Software QoS configuration - if prioritising VoIP

ena sqos

#

Create a traffic class. This traffic class tags the classified

#

traffic as high priority on the interface queue. Also,make the

#

queue small - this is optimal for VoIP traffic.

cre sqos tr=1 prio=15 maxq=10

#

Create a policy with a virtual bandwidth and assign the traffic

#

class to this policy.

cre sqos poli=1 virt=120kbps

add sqos poli=1 tr=1

add sqos tr=1 class=48

set sqos interface=ipsec-branch1 tunnelpolicy=1

set sqos interface=ipsec-branch2 tunnelpolicy=1

#

TRIGGER configuration - if prioritising VoIP

#

Create triggers to apply SQoS to the dynamic PPP interfaces of up

#

to four simultaneous roaming VPN client connections.

enable trigger

create trigger=1 interface=ppp0 event=up cp=ipcp script=ppp0up.scp

create trigger=2 interface=ppp0 event=up cp=ipcp script=ppp1up.scp

create trigger=3 interface=ppp0 event=up cp=ipcp script=ppp2up.scp

create trigger=4 interface=ppp0 event=up cp=ipcp script=ppp3up.scp

#

See

page 32

for the script each trigger runs.