Coordinating With The Vpn Peer; Configuring Isakmp Policies - Avaya G250 Administration

Configuring IPSec VPN

Coordinating with the VPN peer

Before commencing IPSec VPN configuration, you must resolve jointly with your VPN peer the
basic parameters so that IPSec VPN can be set up symmetrically in the two peers. If the IPSec
VPN configuration in the two peers does not match, no VPN is created.
Note:
If you will be defining a peer-group which maintains a list of redundant peers,
Note:
each of the peers in the group must be configured to match the G250/G350.
The basic parameters include:
The IKE phase 1 parameters (as defined in the ISAKMP policy, see
●
policies on page 368)
The IKE phase 2 parameters (as defined in the transform-set, see
●
transform-sets
The ISAKMP peer parameters (see
●
Which packets should be secured (as defined in the crypto-list, see
●
crypto-lists
The peer addresses. For each peer, the local address entered in the crypto-list (see
●
Configuring crypto-lists
peer (see
NAT Traversal, if your installation includes one or more NAT devices between the local and
●
remote VPN peers. See
See IPSec VPN logging
both peers so as to pinpoint the problem in case of a mismatch between the two peers.

Configuring ISAKMP policies

An ISAKMP policy defines the IKE phase 1 parameters.
!
Important:
You must define at least one ISAKMP policy.
Important:
Note:
You can configure up to 20 ISAKMP policies.
Note:
368 Administration for the Avaya G250 and Avaya G350 Media Gateways
on page 369)
on page 377)
on page 377) should match the ISAKMP peer address in the other
Configuring ISAKMP peer information
Configuring global parameters
on page 384 for information on how to view IPSec VPN configuration in
Configuring ISAKMP peer information
on page 371).
on page 380.
Configuring ISAKMP
Configuring
on page 371).
Configuring