Installing Licenses - Avaya 1000 Series Configuration Manual

IPSec EXAMPLES
Typically, for a remote user, the source address of the outer IP header is the dynamic public
IP address provided by the ISP. When mode configuration is enabled, the source address of
the inner IP header is the private address allocated by the VPN server to the VPN client.
As in the case of user group method, the administrator creates an IKE policy for a logical group
of users such as a department in an organization. The identity information used to identify each
user uniquely is configured in the IKE policy. The IKE policy is attached to a mode configuration
record. The mode configuration record contains an IPSec policy template to be used for
creating dynamic IPSec policy. Also, the record contains one or more pools of private IP
addresses to be used for allocating the addresses to the VPN clients. Besides the private IP
address, the VPN server can also provide WINS and DNS server addresses.
Upon successful IKE authentication of a VPN client, the server checks whether the IKE policy
used to authenticate the VPN client is enabled for mode configuration. If so, the server allocates
a private IP address from one of the IP pools in the mode configuration record to the VPN
client. The destination address field in the IPSec template attached to the user group is filled
in with the private IP address allocated to the VPN client and this is installed as an IPSec policy.
This guide provides information and examples on how to configure IPSec.

Installing Licenses

Licenses control access to:
Example
• Basic VPN Management (vpn_mgmt) — allows users to manage a remote Secure
Router.
• Advanced VPN (advance_vpn) — allows users to manage remote LANs.
To see the licenses available in this release, enter:
136 Avaya Secure Router 1000 Series Configuration Guide December 2010