Motorola RF Switch CLI Reference Guide
5-34
4. Create and configure another VLAN interface named vlan3.
RFSwitch(config)#interface vlan 3
RFSwitch(config-if)#ip address dhcp
Use the commands below to configure IPSec VPN on the switch:
1. Create an Extended ACL.
RFSwitch(config-ext-nacl)#ip access-list extended 101
2. Configure the local subnet and remote subnet as interesting traffic.
RFSwitch(config-ext-nacl)# permit ip 10.1.1.0/24 any
RFSwitch(config-ext-nacl)# permit ip 192.168.0.0/24 any
3. Configure a private pool address.
RFSwitch(config)# ip local pool lo 192.168.0.2 hi 192.168.0.10
4. Specify DNS/WINS for the remote client.
RFSwitch(config)#crypto isakmp client configuration group
default
RFSwitch(config-crypto-group)#dns 10.1.1.1
RFSwitch(config-crypto-group)#wins 10.1.1.1
5. Specify the authentication type.
RFSwitch(config)# aaa vpn-authentication local
RFSwitch(config)# local username harry password symbol123
6. Create a transform set.
RFSwitch(config)#crypto ipsec transform-set windows esp-3des
esp-sha-hmac
RFSwitch(config-crypto-ipsec)#mode transport
7. Specify a dynamic crypto map.
RFSwitch(config)#crypto map TestMap 30 ipsec-isakmp dynamic
RFSwitch(config-crypto-map)#set peer 0.0.0.0
RFSwitch(config-crypto-map)#match address 101
RFSwitch(config-crypto-map)#set transformset windows
RFSwitch(config-crypto-map)#set remote-type ipsec-l2tp
8. Apply the crypto map to interface vlan2.
RFSwitch(config)#interface vlan2
RFSwitch(config-if)cryto map TestMap
9. Upon a successful connection, the XP client will obtain a virtual IP address.
To Next Page
Loading...
