Enterasys Networks XSR-3150 User Manual

VPN Site-to-Site Sample Configuration

XSR Getting Started Guide 3-29

XSR(config)#crypto map acme 91
XSR(config-crypto-m)#set transform-set esp-3des-sha
XSR(config-crypto-m)#match address 191
XSR(config-crypto-m)#set peer 112.16.244.7

XSR(config)#crypto map acme 90
XSR(config-crypto-m)#set transform-set esp-3des-sha
XSR(config-crypto-m)#match address 190
XSR(config-crypto-m)#set peer 112.16.244.9

Configuring VPN at Interface Mode and Setting Up RIP

The following commands configure the LAN physical ports as follows: GigabitEthernet port 1 is
designated Internal LAN, with the specified IP address/subnet as the designated network.
GigabitEthernet port 2 is named VPN Cloud, assigned crypto map acme with associated ACLs, and
directed not to transmit or receive RIP updates. Also, RIP routing and four IP routes are
configured as well as a VPN interface for AAA service.

XSR(config)#interface gigabitethernet 1
XSR(config-if)#description “Internal LAN”
XSR(config-if)#no shutdown
XSR(config-if)#ip address 112.16.1.221/24

XSR(config)#interface gigabitethernet 2
XSR(config-if)#crypto map acme
XSR(config-if)#description “VPN Cloud”
XSR(config-if)#no shutdown
XSR(config-if)#ip access-group 101 in
XSR(config-if)#ip access-group 101 out
XSR(config-if)#ip address 112.16.244.10/24

XSR(config)#interface vpn 57 multi-point
XSR(config-int-vpn)#ip address 192.168.2.1 255.255.255.0

XSR(config)#router rip
XSR(config-router)#network 112.16.10.0
XSR(config-router)#passive-interface gigabitethernet 2
XSR(config-router)#no receive-interface gigabitethernet 2
XSR(config-router)#distribute-list 1 out vpn 1

XSR(config)#ip route 0.0.0.0 0.0.0.0 112.16.244.9
XSR(config)#ip route 112.16.72.0/24 112.16.244.9
XSR(config)#ip route 112.16.76.0/24 112.16.244.7
XSR(config)#ip route 112.16.80.0/24 112.16.244.5