Avaya G430 Manual page 525
Administering branch gateway
Hide thumbs
Also See for G430:
- Installation and upgrades (155 pages) ,
- Deploying and upgrading (144 pages) ,
- Quick start for hardware (31 pages)
Table of Contents
Advertisement
2. Configure the VPN Hub (Main Office) as follows:
Traffic
direction
Ingress
Ingress
Ingress
Ingress
Ingress
Egress
Egress
Egress
Egress
Administering Avaya G430 Branch Gateway
- DSCP = bearer > Route: WAN
- DSCP = control > Route: 1. WAN 2. DBR
Note:
For information about PBR, see
• The VPN policy portion for the branch is configured as a mirror image of the
branch
• The ACL portion for the branch is a mirror image of the branch, with some
minor modifications
• Static routing is configured as follows:
Branch subnets > Internet interface
• The PBR portion for the branch is configured as follows, on most interfaces:
- Destination IP = branch VoIP subnets or GW address (PMI), DSCP =
bearer > Route: WAN
- Destination IP = branch VoIP subnets or GW address (PMI), DSCP =
control > Route: 1. WAN 2. DBR
• ACM is configured to route voice calls through PSTN when the main VoIP trunk
is down.
Hub-and-spoke with VPN
IKE (UDP/500) from remote tunnel endpoint to local tunnel
endpoint
ESP/AH from remote tunnel endpoint to local tunnel endpoint
Remote GRE tunnel endpoint to local GRE tunnel endpoint
Allowed ICMP from any IP address to local tunnel endpoint
Default
IKE (UDP/500) from local tunnel endpoint to remote tunnel
endpoint
Local GRE tunnel endpoint to remote GRE tunnel endpoint
All allowed services from any local subnet to any IP address
Allowed ICMP from local tunnel endpoint to any IP address
Policy-based routing
ACL parameter
IPSec VPN
on page 587.
ACL
value
Permit
Permit
Permit
Permit
Deny
Permit
Permit
Permit
Permit
October 2013
525
Hide quick links:
Advertisement
Table of Contents
