Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Interface VPN Commands

XSR CLI Reference Guide 14-123

• ip multicast-redirect - NativeIPSectunnelsattachedtoVPNinterfaceswillnoteasily

forwardmulticasttrafficmulticastpacketredirectiontothe unicastaddressoftheremote

tunnelendpoint.Refertopage14‐126forthecommanddefinition.

•

ip address ‐DefinesanexplicitIPaddressonthisvirtualinterface.Refertopage5‐151for

thecommanddescription.

•

ip nat source‐Controls NATonpacketsenteringthisVPNport.Refertopage5‐186forthe

commanddescription.

•

ip ripcommands‐ConfiguresRIPoptionsontheVPNinterface.Refertothe“Configuring

theInternetProtocol”onpage 5‐83chapterfordescriptionsofRIPcommands.

•

ip split-horizon‐SetsRIPsplit‐horizonoptionsontheVPNport.Refertopage5‐130for

thecommanddescription.

•

ip unnumbered ‐CreatesanunnumberedVPNinterface.Refertopage5‐166forthe

commanddescription.

•

service-policy‐AttachesapolicymaptoanVPNoutputorinputinterface.Refertopage

14‐127forthecommanddescription.

•

tunnel‐CreatesatunneltoaVPNgateway.Refertopage14‐127forthecommand

description.

SomeVPNconfigurationpropertiesareassociatedwithaspecificnetworkinterfaceorrequire

creationofvirtualnetworkinterfacesthatrepresenttunnels.

ThissectiondefinestheVPN‐relatedsubcommandsprovidedbythe 

interface vpncommand.

AVPNinterfaceisaspecialformofavirtualnetworkinterfacethatrepresentsanIPSectunnel

withEZ‐IPSecautomaticconfiguration,L2TP,orPPTPtunnel(s).ItisrequiredtosupportVPN

tunnelswhichhaveIPaddresses.Thesetunnelsshouldnotbeconfusedwithtunnelmodein

IPSec.Atunnel

onaVPNinterfacehasIPaddressesatbothendsandisusedbytherouting

subsystemlikeanyothernetworkinterface.

AVPNinterfacecanbeconfiguredasfollows:

• interface vpn 4 point-to-point

• interface vpn 3 multi-point

Point‐to‐Pointinterfacesareusedwhendefininganoutboundtunneltoanothergateway.This

interfacetype,inconjunctionwiththe

tunnelcommand,issuitedtoinitiatingoutboundtunnels

toothersecuritygatewaysthatsupportdynamicIPaddressassignment.

EachoutboundtunnelisassociatedwithaVPNinterface.Thatinterface,whichcanbeconfigured

intotheroutingprotocols,isconsidereddownuntilthetunnelhasconnectedandanIPaddress

hasbeenobtained

fromtheremoteVPNgateway.

Note: The tunnel command is a sub-command of interface vpn.

Note: Only one tunnel may be defined per point-to-point VPN interface.

previous next