
Headquarters – Allied Telesis AlliedWare AR440S User Manual

Page 9 | AlliedWare™ OS How To Note: VPNs for Corporate Networks

Give a fixed public address to the interface eth0, which is the Internet connection interface.
You can replace eth0 with ppp0 if you use a leased line.

enable ip

add ip int=eth0 ip=200.200.200.1

Give a fixed private address to the interface vlan1, which connects the router to the
headquarters LAN.

add ip int=vlan1 ip=192.168.140.254

Set the default route. The next hop is the gateway address provided by the ISP.

add ip rou=0.0.0.0 mask=0.0.0.0 int=eth0 next=200.200.200.254

If desired, set up the router as a DHCP server for the headquarters LAN.

create dhcp policy=hq lease=7200

add dhcp policy=hq rou=192.168.140.254

add dhcp policy=hq subn=255.255.255.0

create dhcp range=hq_hosts policy=hq ip=192.168.140.16 num=32

ena dhcp

If you need remote management access, we strongly recommend that you use Secure Shell
(SSH). You should not telnet to a secure gateway.

To configure SSH, define appropriate RSA encryption keys, then enable the SSH server.

create enco key=2 type=rsa length=1024 description="host key" format=ssh

create enco key=3 type=rsa length=768 description="server key" format=ssh

enable ssh server serverkey=3 hostkey=2

To let the user who connects via SSH log in as secoff, add the secoff user as an SSH user.
You may also choose to restrict access so that it is only permitted from particular
addresses.

add ssh user=secoff password=<secoff-password> ipaddress=<trusted-remote-ip-address> mask=<subnet-mask-of-trusted-hosts>

disable telnet server
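The following check is an added example, not part of the Allied Telesis How To Note: it reads a saved configuration and reports where it departs from the remote-management steps above (SSH server enabled with existing RSA keys, SSH users restricted by address, telnet server disabled). It recognises only the command forms shown on this page; the function names and sample values are assumptions made for the example.

```python
import re

# Constructed sample in this page's layout, with wrapped commands; values are placeholders.
SAMPLE = '''
create enco key=2 type=rsa length=1024 description="host key"
format=ssh
create enco key=3 type=rsa length=768 description="server key"
format=ssh
enable ssh server serverkey=3 hostkey=2
add ssh user=secoff password=EXAMPLE-ONLY
ipaddress=192.0.2.10 mask=255.255.255.255
disable telnet server
'''

def parse(text):
    """Return [(command words, {param: value})], joining wrapped lines."""
    cmds = []
    for line in text.splitlines():
        tokens = re.findall(r'[^\s"=]+="[^"]*"|\S+', line)
        if not tokens:
            continue
        # A line that starts with key=value continues the previous command.
        if "=" not in tokens[0] or not cmds:
            cmds.append(([], {}))
        words, params = cmds[-1]
        for tok in tokens:
            if "=" in tok:
                key, value = tok.split("=", 1)
                params[key.lower()] = value.strip('"')
            else:
                words.append(tok.lower())
    return cmds

def audit(text):
    """List deviations from the remote-management guidance on this page."""
    cmds = parse(text)
    keys = {p.get("key") for w, p in cmds if w == ["create", "enco"] and p.get("type") == "rsa"}
    ssh = [p for w, p in cmds if w == ["enable", "ssh", "server"]]
    findings = [] if ssh else ["SSH server is not enabled"]
    for p in ssh:
        for role in ("hostkey", "serverkey"):
            if p.get(role) not in keys:
                findings.append(f"{role}={p.get(role)} has no matching RSA key")
    for w, p in cmds:
        if w == ["add", "ssh"] and not ("ipaddress" in p and "mask" in p):
            findings.append(f"SSH user {p.get('user')} is not restricted by address")
    if not any(w == ["disable", "telnet", "server"] for w, p in cmds):
        findings.append("no 'disable telnet server' command")
    return findings
```

An empty list from `audit()` means the configuration contains every remote-management step shown above.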

Secure Shell is a more secure, encrypted method of remote management access than telnet.
If you need to use telnet, even though it is insecure, you should restrict access by defining

2. Configure IP for internet access

3. Configure remote management access, if desired