
 13.04.2008
Vyatta Configuration


# Address the two Ethernet interfaces. Later commands in this listing use eth0
# (192.168.50.2/24) as the NAT outbound interface and the IPsec interface, and
# treat 192.168.10.0/24 on eth1 as the NAT source network.
set interfaces ethernet eth0 address 192.168.50.2/24
set interfaces ethernet eth1 address 192.168.10.1/24
# Configure the SSH service for protocol version 2 only.
# NOTE(review): this listing defines no firewall rules and does not limit which
# interfaces or source addresses can reach SSH; confirm that management access
# is restricted some other way before using this outside a lab.
set service ssh protocol-version 2
commit

# Name this router HQ and install a static default route via 192.168.50.1,
# which is on the eth0 subnet. These two lines are applied by the next commit
# in the listing.
set system host-name HQ
set protocols static route 0.0.0.0/0 next-hop 192.168.50.1

# Source NAT rule 10: traffic from 192.168.10.0/24 that leaves through eth0 is
# masqueraded (rewritten to eth0's address).
# The rule matches on source address and outbound interface only; it is not an
# access control and does not filter inbound traffic.
set service nat rule 10 type masquerade
set service nat rule 10 source address 192.168.10.0/24
set service nat rule 10 outbound-interface eth0
commit

# Two loopback addresses. Further down they are used as the local endpoints of
# the IPIP tunnels (tun1: 192.168.200.1, tun2: 192.168.210.1), and their /24
# networks are the local subnets of the IPsec tunnels.
set interfaces loopback lo address 192.168.200.1/24
set interfaces loopback lo address 192.168.210.1/24
commit

# IPIP tunnel to Branch1, running between loopback 192.168.200.1 here and
# 192.168.220.1 at the remote end, with 192.168.111.1/24 as the tunnel address.
# IPIP only encapsulates: it provides no encryption, integrity or peer
# authentication of its own. In this listing that protection comes from the
# IPsec site-to-site tunnels defined later, whose local/remote subnets cover
# the tunnel endpoint addresses. If the IPsec policy is missing or down, verify
# that the IPIP packets cannot leave eth0 in clear text.
set interfaces tunnel tun1
set interfaces tunnel tun1 address 192.168.111.1/24
set interfaces tunnel tun1 description "IPIP Tunnel to Branch1"
set interfaces tunnel tun1 encapsulation ipip
set interfaces tunnel tun1 local-ip 192.168.200.1
set interfaces tunnel tun1 remote-ip 192.168.220.1

# Second IPIP tunnel, to Branch2: 192.168.210.1 to 192.168.230.1, with tunnel
# address 192.168.121.1/24. The same caveat applies: the tunnel itself is
# unencrypted.
set interfaces tunnel tun2
set interfaces tunnel tun2 address 192.168.121.1/24
set interfaces tunnel tun2 description "IPIP Tunnel to Branch2"
set interfaces tunnel tun2 encapsulation ipip
set interfaces tunnel tun2 local-ip 192.168.210.1
set interfaces tunnel tun2 remote-ip 192.168.230.1

# Enable IPsec processing on eth0.
set vpn ipsec ipsec-interfaces interface eth0

# IKE (phase 1) proposal shared by both peers: AES-128, SHA-1, DH group 5
# (1536-bit MODP), lifetime 28800 seconds.
# NOTE(review): SHA-1 and DH group 5 reflect the 2008 date of this page. Where
# the software release and both peers support it, prefer a SHA-2 hash and a DH
# group of 2048 bits or more. Every peer must be changed together, or
# negotiation will fail.
set vpn ipsec ike-group IKE-IPIP proposal 1
set vpn ipsec ike-group IKE-IPIP proposal 1 encryption aes128
set vpn ipsec ike-group IKE-IPIP proposal 1 hash sha1
set vpn ipsec ike-group IKE-IPIP proposal 1 dh-group 5
set vpn ipsec ike-group IKE-IPIP lifetime 28800

# ESP (phase 2) proposal: AES-128 with SHA-1 integrity, perfect forward secrecy
# enabled, lifetime 3600 seconds.
# NOTE(review): the same hash-strength caveat applies as for the IKE proposal.
set vpn ipsec esp-group ESP-IPIP proposal 1
set vpn ipsec esp-group ESP-IPIP proposal 1 encryption aes128
set vpn ipsec esp-group ESP-IPIP proposal 1 hash sha1
set vpn ipsec esp-group ESP-IPIP pfs
set vpn ipsec esp-group ESP-IPIP lifetime 3600

# Site-to-site peer 192.168.50.3, authenticated with a pre-shared secret.
# "edit" moves into the peer's subtree so the following "set" lines are
# relative to it; "top" returns to the root of the configuration.
set vpn ipsec site-to-site peer 192.168.50.3 authentication mode pre-shared-secret
edit vpn ipsec site-to-site peer 192.168.50.3
# NOTE(review): "12345" is a sample value. The pre-shared secret is the only
# thing authenticating this peer, so a real deployment needs a long random
# secret, unique per peer, that is never left in published or shared
# configuration text.
set authentication pre-shared-secret 12345
set ike-group IKE-IPIP
set local-ip 192.168.50.2
# The protected subnets are the loopback networks that carry the tun1
# endpoints (192.168.200.0/24 <-> 192.168.220.0/24), so IPsec encrypts the
# IPIP packets themselves.
set tunnel 1 local-subnet 192.168.200.0/24
set tunnel 1 remote-subnet 192.168.220.0/24
set tunnel 1 esp-group ESP-IPIP
top

# Site-to-site peer 192.168.50.4, laid out like the first peer, protecting the
# tun2 endpoint networks (192.168.210.0/24 <-> 192.168.230.0/24).
set vpn ipsec site-to-site peer 192.168.50.4 authentication mode pre-shared-secret
edit vpn ipsec site-to-site peer 192.168.50.4
# NOTE(review): "67890" is also a sample value; the same pre-shared-secret
# caveat applies. Keeping a different secret per peer, as this listing does,
# limits the impact if one is disclosed.
set authentication pre-shared-secret 67890
set ike-group IKE-IPIP
set local-ip 192.168.50.2
set tunnel 1 local-subnet 192.168.210.0/24
set tunnel 1 remote-subnet 192.168.230.0/24
set tunnel 1 esp-group ESP-IPIP
top
# Applies everything set since the previous commit: the tunnel interfaces, the
# IKE/ESP groups and both peers.
commit

# OSPF area 100 covers the LAN (192.168.10.0/24) and the two IPIP tunnel
# networks, so routes are exchanged with the branches over the tunnels.
# NOTE(review): no OSPF authentication is configured anywhere in this listing.
# Because 192.168.10.0/24 is included, OSPF also runs on the LAN segment.
# Consider enabling OSPF authentication, and not forming adjacencies on the
# LAN, if the release in use supports it.
set protocols ospf area 100
set protocols ospf area 100 network 192.168.10.0/24
set protocols ospf area 100 network 192.168.111.0/24
set protocols ospf area 100 network 192.168.121.0/24
# Log neighbor adjacency state changes. These log entries help spot unexpected
# neighbors or flapping tunnels.
set protocols ospf log-adjacency-changes
commit
# Persist the committed configuration so that it survives a reboot.
# Note that the saved configuration includes the pre-shared secrets.
save