Access Methods; Remote Access: User Group; Remote Access: Mode Configuration - Avaya 1000 Series Configuration Manual


Internet service provider and then initiates a VPN connection to the IPSec security gateway
(the VPN server) of the corporate office, which is typically an always-on Internet connection.
One of the main limitations in providing remote access is that the typical remote user connects
with a dynamically assigned IP address provided by the ISP. IPSec uses the IP address of users
as an index to apply the Internet Key Exchange (IKE) and IPSec policies to be used for
negotiation with each peer. When the VPN client has a dynamic IP address, the VPN server
cannot access the policies based on the IP address of the client. Instead, the VPN server uses
the identity of the VPN client to access the policies.

Access Methods

Avaya supports two types of IPSec remote access using VPNs.

Remote Access: User Group

One of the methods to achieve IPSec remote access in Avaya is the user group method. In
this method, the administrator creates an IKE policy for a logical group of users, such as a
department in an organization. Each user in the group is identified by unique information
that is configured in the IKE policy. An IPSec template is also attached to the user group.
Once the VPN user is authenticated using IKE, the user's dynamically assigned IP address is
added to the destination address field in the IPSec template attached to the user group. The
VPN user now has the required IPSec policy that allows access through the gateway to the
corporate LAN.

Remote Access: Mode Configuration

The other method to achieve IPSec remote access in Avaya is the mode configuration method.
This method makes the VPN client an extension of the LAN being accessed by the VPN client.
The remote client appears as a network accessing some resource behind the VPN server.
The VPN client is allocated a private IP address by the VPN server and the client uses this as
the source IP address in the inner IP header in tunnel mode.
In tunnel mode, at each IKE end point, the IP traffic to be protected is completely encapsulated
within another IP packet. The inner IP header remains the same as in the original
traffic to be protected. In the outer IP header, the source and destination addresses are the
addresses of the tunnel end points.
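
The following is a simplified model of the two methods described above, added here as an illustration; it is not Avaya's implementation or CLI syntax. It shows the policy lookup keyed on IKE identity instead of peer IP, and which address ends up in the policy and in the inner and outer headers. All class names, identities and addresses are constructed, and using the allocated private address as the policy destination in mode configuration is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values for illustration only.
GATEWAY_IP = ipaddress.ip_address("198.51.100.1")  # VPN server tunnel endpoint
CORP_LAN = ipaddress.ip_network("10.0.0.0/16")     # corporate LAN behind it

@dataclass
class UserGroup:
    name: str
    identities: frozenset          # IKE identities of the group's members
    pool: Optional[list] = None    # private addresses, mode configuration only

@dataclass
class Session:
    group: str
    selector: tuple    # (source net, destination net) of the instantiated policy
    inner_src: object  # source address in the inner IP header
    outer: tuple       # (source, destination) of the outer header: tunnel endpoints

class Gateway:
    def __init__(self, groups):
        # Policies are indexed by IKE identity; the peer IP changes per connection.
        self.by_identity = {i: g for g in groups for i in g.identities}

    def authenticated(self, identity, peer_ip):
        """Build the session policy once IKE has authenticated `identity`."""
        group = self.by_identity.get(identity)
        if group is None:
            raise PermissionError(f"no IKE policy for identity {identity!r}")
        peer_ip = ipaddress.ip_address(peer_ip)
        if group.pool is None:
            # User group method: the dynamic address fills the template's
            # destination field.
            client_ip = peer_ip
        elif group.pool:
            # Mode configuration: the server allocates a private inner address.
            # Using it as the policy destination is an assumption of this model.
            client_ip = ipaddress.ip_address(group.pool.pop(0))
        else:
            raise RuntimeError(f"address pool for {group.name} is exhausted")
        selector = (CORP_LAN, ipaddress.ip_network(f"{client_ip}/32"))
        return Session(group.name, selector, client_ip, (peer_ip, GATEWAY_IP))

if __name__ == "__main__":
    gw = Gateway([UserGroup("engineering", frozenset({"alice@example.com"})),
                  UserGroup("sales", frozenset({"bob@example.com"}), ["10.0.200.1"])])
    print(gw.authenticated("alice@example.com", "203.0.113.7"))
    print(gw.authenticated("bob@example.com", "203.0.113.99"))
```

An identity that belongs to no user group is rejected regardless of the address it connects from, which is the property that lets the server apply policy to clients with dynamic IP addresses.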
Avaya Secure Router 1000 Series Configuration Guide
Access Methods
December 2010
135
