Headquarters – Allied Telesis AlliedWare AR440S User Manual

Page 8 | AlliedWare™ OS How To Note: VPNs for Corporate Networks

How to configure the headquarters VPN access concentrator

Before you begin to configure your router, ensure that it is running the appropriate software
release, patch and GUI files and has no configuration.

set inst=pref rel=<rel-file> pat=<patch-file> gui=<gui-file>

set conf=none

disable system security

restart reboot

Note: A software QoS extension to this configuration, to prioritise VoIP traffic over the VPNs, is available in "How to prioritise outgoing VoIP traffic from the headquarters router" on page 31.

Name the router.

set system name=HQ

Define a security officer.

add user=secoff pass=<your-secoff-password> priv=securityofficer lo=yes telnet=yes

Do not forget your “secoff” password.

Enable security mode so that VPN keys are stored securely, and other security features are
enabled.

enable system security

Once security mode is enabled, you need to log in as a security officer to enter most
configuration-altering commands.

login secoff

password: <your-secoff-password>

It is important to keep this security officer username and password secure, and to consider
proper handover of it in the event of IT staff changes.

Also, we recommend you leave a “manager” privilege user defined because this may provide
backup access if the security officer password is lost. Do not leave the manager password at
the factory default—change it to a password in keeping with your company's security policy.

set user=manager password=<your-company-policy-password>

When security mode is enabled, router configuration access times out after inactivity to
prevent unauthorised access. The default timeout is 60 seconds, but you may temporarily
raise it to 600 seconds if desired.

set user securedelay=600
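The steps above can be checked before a command script is loaded onto a router. The following Python audit is an added example, not part of the Allied Telesis manual: it assumes the script is plain text in the command form shown on this page, recognises only the parameter spellings used here, and its function names and finding codes are hypothetical.

```python
# Constructed sample: this section's commands as one script, placeholder passwords.
SAMPLE = """\
set system name=HQ
add user=secoff pass=<placeholder> priv=securityofficer lo=yes telnet=yes
enable system security
set user=manager password=<placeholder>
set user securedelay=600
"""

def parse(script):
    """Yield (line_no, keywords, params) for each non-empty command line."""
    for n, raw in enumerate(script.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # name=value tokens become params (names lowercased, values untouched)
        params = {k.lower(): v for k, v in
                  (t.split("=", 1) for t in tokens if "=" in t)}
        keywords = [t.lower() for t in tokens if "=" not in t]
        yield n, keywords, params

def audit(script):
    """Return a list of (code, detail) findings; an empty list means all checks passed."""
    secoff = enabled = None          # line numbers of the first occurrence
    manager_pw, findings = False, []
    for n, kw, p in parse(script):
        if kw == ["add"] and p.get("priv", "").lower() == "securityofficer":
            secoff = secoff or n
        elif kw == ["enable", "system", "security"]:
            enabled = enabled or n
        elif kw == ["set"] and p.get("user", "").lower() == "manager":
            manager_pw = manager_pw or bool(p.get("password") or p.get("pass"))
        elif kw == ["set", "user"] and p.get("securedelay", "").isdigit():
            if int(p["securedelay"]) > 60:   # 60 s is the default stated on this page
                findings.append(("SECUREDELAY_RAISED",
                    f"line {n}: timeout {p['securedelay']}s is above the 60s default"))
    if secoff is None:
        findings.append(("NO_SECOFF", "no securityofficer user is defined"))
    if enabled is None:
        findings.append(("SECURITY_MODE_OFF", "'enable system security' is missing"))
    elif secoff is not None and secoff > enabled:
        findings.append(("SECOFF_AFTER_ENABLE",
            f"security officer added on line {secoff}, after security mode on line {enabled}"))
    if not manager_pw:
        findings.append(("MANAGER_DEFAULT", "manager password is never changed"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```

The sample reports only SECUREDELAY_RAISED, which matches the page's advice that the 600-second value is a temporary setting.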

1. Configure general system and user settings