Configuring IPSec VPN
4. All allowed services from any IP address to any local subnet -> Permit
Note:
Due to the definition of the VPN Policy, this will be allowed only if traffic comes over ESP.
5. Default VPN policy-> Deny
Egress:
1. IKE -> Permit
2. ESP -> Permit
3. ICMP -> Permit
Note:
This allows the PMTUD application to work.
4. All allowed services from any local subnet to any IP address -> Permit
Note:
This traffic is tunnelled using VPN.
5. Default -> Deny
2. Configure the VPN Hub (Main Office) as follows:
● Static routing: Branch subnets -> Internet interface.
● The VPN policy portion for the branch is configured as a mirror image of the branch, as follows:
Traffic from any to branch local subnets -> encrypt, using tunnel mode IPSec.
The remote peer is the VPN Spoke (Branch Internet address).
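The mirror-image requirement above can be checked before the policies are deployed. The following Python model is an added example, not taken from the Avaya guide or the gateway CLI; it reports where a hub policy fails to mirror the branch policy. The CryptoRule class, the addresses, and the branch rule shape ("local subnets to any, peer = hub") are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class CryptoRule:  # hypothetical model of one "encrypt" rule, not an Avaya object
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    peer: ipaddress.IPv4Address  # remote tunnel endpoint
    mode: str = "tunnel"

def rule(src, dst, peer, mode="tunnel"):
    src, dst = (ANY if s == "any" else ipaddress.ip_network(s) for s in (src, dst))
    return CryptoRule(src, dst, ipaddress.ip_address(peer), mode)

def mirror_errors(branch_rules, branch_wan, hub_rules, hub_wan):
    """List every way the hub policy fails to mirror the branch policy."""
    branch_wan, hub_wan = map(ipaddress.ip_address, (branch_wan, hub_wan))
    errors = []
    toward_branch = [r for r in hub_rules if r.peer == branch_wan]
    hub_selectors = {(r.src, r.dst) for r in toward_branch}
    branch_selectors = {(r.src, r.dst) for r in branch_rules}
    for r in branch_rules:
        if r.peer != hub_wan:
            errors.append(f"branch {r.src}->{r.dst}: peer {r.peer} is not the hub")
        if (r.dst, r.src) not in hub_selectors:  # selectors must be swapped
            errors.append(f"hub lacks mirror of branch {r.src}->{r.dst}")
    for r in toward_branch:
        if (r.dst, r.src) not in branch_selectors:
            errors.append(f"hub {r.src}->{r.dst} has no branch counterpart")
    for r in list(branch_rules) + toward_branch:
        if r.mode != "tunnel":
            errors.append(f"{r.src}->{r.dst}: mode {r.mode}, expected tunnel")
    return errors

# Constructed sample data (documentation address ranges, not from the guide).
HUB_WAN, BRANCH_WAN = "192.0.2.1", "198.51.100.7"
BRANCH = [rule("10.10.1.0/24", "any", HUB_WAN),
          rule("10.10.2.0/24", "any", HUB_WAN)]
HUB_OK = [rule("any", "10.10.1.0/24", BRANCH_WAN),
          rule("any", "10.10.2.0/24", BRANCH_WAN)]
HUB_BAD = [rule("any", "10.10.1.0/24", BRANCH_WAN),
           rule("any", "10.10.0.0/16", BRANCH_WAN)]  # selector widened by mistake

if __name__ == "__main__":
    for name, hub in (("HUB_OK", HUB_OK), ("HUB_BAD", HUB_BAD)):
        print(name, mirror_errors(BRANCH, BRANCH_WAN, hub, HUB_WAN) or "mirrors the branch")
```

A selector mismatch like the one in HUB_BAD is worth catching early, because the two ends then disagree about which traffic belongs in the tunnel.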
388 Administration for the Avaya G250 and Avaya G350 Media Gateways