Hi, the XSR configuration is very similar to Cisco IOS routers. For a basic IPsec VPN (with NAT traversal) you can orient yourself on any Cisco configuration you find on the net.
A basic config from software version 7.5.0.0 looks as follows (no NAT-T): [This connects the networks 172.28.0.0/17 and 172.29.0.0/17.] --- snip --- !ACCESS-LIST access-list 100 permit ip 172.28.0.0 0.0.127.255 172.29.0.0 0.0.127.255 !IKE crypto isakmp proposal AES-PSK authentication pre-share encryption aes group 5 lifetime 3600 crypto isakmp peer 131.246.223.129 255.255.255.255 proposal AES-PSK !IPSEC crypto ipsec transform-set AES-PSK esp-aes esp-sha-hmac set pfs group2 no set security-association lifetime kilobytes crypto map LAB 10 set transform-set AES-PSK match address 100 set peer <IP_ADDRESS> aaa user <IP_ADDRESS> password <PASSWORD> !INTERFACE AND SUB-INTERFACE interface FastEthernet1 crypto map LAB --- snip --- HTH, Erik -- Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/ [email protected] T:+49-631-4149988-0 M:+49-176-64228513 Gesellschaft für Fundamental Generic Networking mbH Geschäftsführung: Volker Bauer, Jörg Mayer Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630 On Mon, May 18, 2015 at 10:07:52AM +0200, Frank Miller wrote: > Hi Everyone, > > we try to establish an VPN-connection between two XSR-1805 (FW: > 7.6.13.0007 with VPN and FW): > > - one XSR with an public-IP-adress (e.g. 213.141.213.x) > - one XSR with an private IP-address behind an ISP-Router (e.g. 171.121.1.x) > > Have everyone an manual or an sample config with step-for-step-instructions? > [?] > > Thanks > > Frank Miller > > --- > To unsubscribe from enterasys, send email to [email protected] with the body: > unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
