Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Tunnel Commands

14-130 Configuring the VPN

set peer

ThiscommandspecifiesthephysicalIPaddressoftheremoteVPNgateway.

Syntax

set peer ip-address

Syntax of the “no” Form

no set peer ip-address

Mode

Tunnelconfiguration:XSR#(config-tms-tunnel)#

Example

ThefollowingexamplesetstheIPaddressoftheremoteVPNgateway:

XSR(config)#interface vpn 57 multi-point

XSR(config-int<vpn>)#tunnel ACME_VPN

XSR#(config-tms-tunnel)#set peer ip-address 192.168.57.9

set protocol

ThiscommanddefinestheVPNtunnelingprotocol‐GenericRoutingEncapsulation(GRE)orIP

Security(IPSec)‐usedtocreatethetunnel.

IPSecacceptsoneoftwosub‐commandsthatcreateaClientorNetworkExtensionmodesite‐to‐

sitetunnel.ClientmodecreatesNATontheVPNinterfacetohidetheaddresses

ofthetrusted

network(attachedtoF1).IPSecsecuritypolicyencryptsdatapassingtoandfromtheIPaddress

assignedtothetunnel.NetworkextensionmodecreatesIPSecsecuritypoliciesthatencrypttraffic

flowingtothetrustednetworkviathetunnelinadditiontosecuringtrafficflowingtothetunnelʹ

s

assignedaddress.

Syntax

set protocol {gre | ipsec}[client-mode | network-extension-mode]

Syntax of the “no” Form

Thenoformofthiscommandnegatestheprotocolselectedearlier:

no set protocol

ip-address

IPaddressofthepeer.

gre

GREtunnelingprotocol.

ipsec

IPSectunnelingprotocol.

client-mode

InitiatesaClient‐modeEZ‐IPSectunnel.

network-extension-mode

InitiatesaNEMEZ‐IPSectunnel.

previous next