Avaya G430 Manual page 517
Administering branch gateway
Hide thumbs
Also See for G430:
- Installation and upgrades (155 pages) ,
- Deploying and upgrading (144 pages) ,
- Quick start for hardware (31 pages)
Table of Contents
Advertisement
Traffic
direction
Ingress
Ingress
Egress
Egress
Egress
Egress
Egress
Egress
Egress
crypto isakmp policy 1
encryption aes
hash sha
group 2
exit
crypto isakmp peer address <Main Office Public Internet Static IP
pre-shared-key
isakmp-policy 1
exit
crypto isakmp peer address <Second Branch Office Public Internet Static
pre-shared-key
isakmp-policy 1
exit
crypto ipsec transform-set ts1 esp-3des esp-sha-hmac
set pfs 2
exit
crypto map 1
set peer <Main Office Public Internet Static IP Address>
set transform-set ts1
exit
crypto map 2
set peer <Second Branch Office Public Internet Static IP Address>
set transform-set ts1
Administering Avaya G430 Branch Gateway
ACL parameter
All allowed services from any IP
address to any local subnet
Default
IKE from Branch IP to Main
Office IP
ESP from Branch IP to Main
Office IP
IKE from Branch IP to First
Branch IP
ESP from Branch IP to First
Branch IP
ICMP from local tunnel endpoint
to any IP address
All allowed services from any
local subnet to any IP address
Default
Mesh VPN topology example
Branch Office 1 configuration
Address>
<secret key>
IP Address>
<secret key 2>
ACL
Description
value
Permit
Due to the definition of the VPN
Policy, this will be allowed only if
traffic comes over ESP
Deny
-
Permit
-
Permit
-
Permit
This enables the PMTUD
application to work
Permit
This traffic is tunnelled using
VPN
Permit
This enables the PMTUD
application to work
Permit
This traffic is tunnelled using
VPN
Deny
-
IPSec VPN
October 2013
517
Hide quick links:
Advertisement
Table of Contents
