Configuring Crypto-Lists - Avaya G250 Administration
Media gateway
Hide thumbs
Also See for G250:
- Administration manual (840 pages) ,
- Reference (812 pages) ,
- Administration (720 pages)
Table of Contents
Advertisement
Configuring crypto-lists
A crypto-list is an ordered list of ip-rules that control which traffic requires IPSec protection and
which does not, based on IP groups (source and destination IP addresses and wildcard). A
crypto-list is activated on an interface. The G250/G350 can have multiple crypto-lists activated
on different interfaces.
To configure a crypto-list:
1. Use the ip crypto-list command, followed by an index number between 901 and 999,
to enter the context of a crypto-list (and to create the list if it does not exist).
!
Important:
It is mandatory to create at least one crypto-list.
Important:
G350-001# ip crypto-list 901
G350-001(Crypto 901)#
2. Specify the local IP address for the IPSec tunnels derived from this crypto-list, using the
local-address command. The local address can be either the IP address or the name of
an IP interface of the device.
!
Important:
local-address is a mandatory parameter.
Important:
G350-001(Crypto 901)# local-address 192.168.49.1
Done!
Or
G350-001(Crypto 901)# local-address FastEthernet 10/2
Done!
Note:
Specifying the interface as a name is one of the prerequisites for working with
Note:
dynamic local peer IP addresses. For more information about working with
dynamic local peer IP addresses, see
3. Specify the name of the crypto-list using the name command.
G350-001(Crypto 901)# name "Public Network via ADSL"
Done!
Configuring a site-to-site IPSec VPN
Using dynamic local peer IP
Issue 1.1 June 2005
on page 392.
377
Advertisement
Table of Contents
