C613-16049-00 REV E | www.alliedtelesis.com | AlliedWare™ OS How To | Introduction | In this How To Note’s example, a headquarters office has VPNs to two branch
Headquarters | Page 10 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | remote security officers (RSOs). RSO definitions specify trusted remote a
Headquarters | Page 11 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | Check that you have a 3DES feature licence for the ISAKMP policies. | show f
Headquarters | Page 12 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | Create IPsec policies to bypass IPsec for ISAKMP messages and the “port f
Headquarters | Page 13 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | • the branch office policies use a different encryption transform—3des2ke
Headquarters | Page 14 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | can trust traffic arriving on the dynamic interfaces because—in this exam
Headquarters | Page 15 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | The rule for the private interface uses both source and destination addre
Page 16 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | How to configure the AR440S router at branch office 1 | Before you begin
Page 17 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | Create your Asymmetric Digital Subscriber Line (ADSL) connection. Asyn
Page 18 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | If you need remote management access, we strongly recommend that you u
Page 19 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | You need to configure dynamic PPP over L2TP to accept incoming Windows
Page 2 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | How to make voice traffic high priority ...
Page 20 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | • (for site-to-site VPNs) 3DESOUTER as the encryption algorithm for ES
Page 21 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | Create your ISAKMP pre-shared key. This key is used when initiating yo
Page 22 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | can trust traffic arriving on the dynamic interfaces because—in this e
Page 23 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | The rule for the private interface uses both source and destination ad
Page 24 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | How to configure the AR440S router at branch office 2 | Before you begin
Page 25 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | Create your Asymmetric Digital Subscriber Line (ADSL) connection. Asyn
Page 26 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | If desired, set up the router as a DHCP server for the branch office 2
Page 27 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | Check that you have a 3DES feature licence for the ISAKMP policy. | show
Page 28 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | Create another IPsec policy for direct Internet traffic from the headq
Page 29 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | Branch office 2 does not need rule 3 that the other sites have, becaus
Page 3 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | About IPsec modes: tunnel and transport | This solution uses two types of VPN: | • IPsec tun
Page 30 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | How to make voice traffic high priority | This is an optional enhancement to the configu
Headquarters | Page 31 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | How to prioritise outgoing VoIP traffic from the headquarters router | Add t
Headquarters | Page 32 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | Apply the policy to the VPN between headquarters and branch office 1. | set
Page 33 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | How to prioritise outgoing VoIP traffic from the branch office 1 route
Page 34 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | This example creates four triggers, which allows for up to four simult
Page 35 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | How to prioritise outgoing VoIP traffic from the branch office 2 route
Page 36 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | How to test your VPN solution | If the following tests show that your tunnel is not work
Page 37 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | Configuration scripts for headquarters and branch offices | This section provides script
Headquarters | Page 38 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | Headquarters VPN access concentrator's configuration | # System configu
Headquarters | Page 39 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | # DHCP configuration | # If desired, use the router as a DHCP server. | create
Page 4 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | Background: NAT-T and policies | NAT-T | NAT Traversal (NAT-T) can be enabled on any of our
Headquarters | Page 40 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | # Create a group of SA specifications for the roaming VPN clients. | # These
Headquarters | Page 41 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | # FIREWALL configuration | enable firewall | create firewall policy=hq | enable fi
Headquarters | Page 42 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | # If you configured SSH, create a rule for SSH traffic. | add firewall polic
Page 43 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | Branch office 1 AR440S configuration—the PPPoA site with VPN client ac
Page 44 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | # allows incoming roaming VPN client connections. The clients can | # onl
Page 45 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | # Log configuration | # If desired, forward router log entries to a UNIX-
Page 46 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | # ISAKMP Configuration | create isakmp pol=hq pe=200.200.200.1 key=1 send
Page 47 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 1 | # Create a pair of rules to allow office-to-office payload traffic to | #
Page 48 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | Branch office 2 AR440S configuration—the PPPoEoA site with a dynamical
Page 49 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | # DHCP configuration | # If desired, use the router as a DHCP server. | crea
Page 5 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | Policies and interfaces | It is useful to keep in mind that you apply firewall rules and I
Page 50 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | # Create an IPsec policy for branch 2 to headquarters VPN traffic. | crea
Page 51 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | branch office 2 | # If you use telnet instead (not recommended), create a rule for it. | #
Page 52 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | Extra configuration scripts for lab testing the VPN solution | This section provides add
USA Headquarters | 19800 North Creek Parkway | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
Page 6 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | How to configure VPNs in typical corporate networks | This section describes a typical co
Page 7 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | 2. The branch office 1 router, which provides: | • an ADSL PPPoA Internet connection. Not
Headquarters | Page 8 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | How to configure the headquarters VPN access concentrator | Before you begin
Headquarters | Page 9 | AlliedWare™ OS How To Note: VPNs for Corporate Networks | Give a fixed public address to the interface eth0, which is the Internet c