Firewall sample configuration, Ipoa -12, Firewall sample configuration -12 – Enterasys Networks XSR-3150 User Manual

Firewall Sample Configuration

3-12 Software Configuration

The commands below configure the ATM interface and sub-interface with a negotiated IP address,
CHAP username and password, and bans keepalives.

XSR(config)#interface ATM 0
XSR(config-if)#no shutdown
XSR(config-if)#interface ATM 0.1
XSR(config-if)#no shutdown
XSR(config-if)#encapsulation snap pppoa
XSR(config-if)#ip address negotiated
XSR(config-if)#ip mtu 1492
XSR(config-if)#ip tcp adjust-mss 1400
XSR(config-if)#ppp chap hostname red password sox
XSR(config-if)#no ppp keepalive

IPoA

Enter the following commands to configure a IPoA topology:

XSR(config)#interface ATM 0
XSR(config-if)#no shutdown
XSR(config-if)#interface ATM 0.1
XSR(config-if)#encapsulation snap ipoa
XSR(config-if)#ip address 192.168.1.1 255.255.255.0
XSR(config-if)#ip mtu 1492
XSR(config-if)#exit
XSR(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.10
XSR(config)#ip route 30.0.0.10 255.255.255.255 ATM 0.1

Firewall Sample Configuration

In this scenario, the XSR acts as a router connecting a branch office to the Internet, as illustrated in

Figure 3-1

. The branch office has two servers (Web and Mail) accessible from the external world

and an internal network of hosts which are protected from the external world by the firewall. The
Web and Mail servers are part of the DMZ and considered internal by the XSR. Note that some
commands have been abbreviated.

Note: If you have configured a VPN tunnel and wish to avoid intermittent Web browser problems,
add the crypto ipsec df-bit clear command to your configuration.