Configuring IPSec VPN
G250/G350 R2.2 VPN capabilities
R2.2 VPN supports the following:
● Standards-based IPSec implementation [RFC 2401-RFC 2412...]
● Standard encryption and authentication algorithms for IKE and ESP: DES, TDES, AES (128-bit), MD5-HMAC, SHA1-HMAC, IKE DH groups 1 & 2
● ESP for data protection and IKE (main mode) for key exchange
● Quick Mode key negotiation with Perfect Forward Secrecy (PFS)
● IKE peer authentication through pre-shared secret
● Multiple IPSec peers (up to 50) for Mesh and hub-and-spoke IPSec topologies
● IPSec protection can be applied on any output port and on many ports concurrently, for maximum installation flexibility
● Per-interface security policy with bypass capability
● IPsec is integrated into the router and can be used with other features such as GRE tunneling
● Random pre-shared key generation service
● Load balancing and resiliency achievable through integration with core routing features such as backup interfaces and GRE
G250/G350 R3.0 VPN capabilities
R3.0 VPN supports the following, in addition to the R2.2 capabilities:
● Dynamic local peer IP address support through IKE aggressive mode and self-identity FQDN
Note:
The G250/G350 can acquire a dynamic IP address through PPPoE or DHCP
● Enhanced remote peer failover support:
    ● Specifying a hostname rather than an IP address for the remote peer, thus allowing a DNS server to perform a resiliency scheme when providing the IP address mapping.
    ● Specifying a group of redundant remote peers, rather than a single peer.
    ● Support for a standards-based method called "Dead Peer Detection", or DPD for short, which enables fast and efficient detection of connection failure at the IKE level.
    ● Detection of a dead remote peer through object tracking. For information about object tracking, see Object tracking on page 171.
358 Administration for the Avaya G250 and Avaya G350 Media Gateways