Avaya G250 Administration page 397
Configuring the mesh VPN topology
This section describes how to configure the mesh VPN topology, followed by a detailed
configuration example.
To configure the mesh VPN topology:
1. Configure branch office 1 as follows:
The default gateway is the Internet interface.
VPN policy is configured on the Internet interface egress, with the more specific rule listed first, as follows:
Traffic from the local subnets to the second spoke subnets -> encrypt, using tunnel
mode IPSec, with the remote peer being the second spoke.
Traffic from the local subnets to any IP address -> encrypt, using tunnel mode IPSec,
with the remote peer being the main office (VPN hub).
An access control list (ACL) is configured on the Internet interface to allow only VPN
(IKE and ESP) and ICMP traffic, as follows:
Note:
For information about using access control lists, see the chapter on policy on page 441.
Ingress:
1. IKE from Main Office IP to Branch IP -> Permit
2. ESP from Main Office IP to Branch IP -> Permit
3. IKE from Second Branch IP to Branch IP -> Permit
4. ESP from Second Branch IP to Branch IP -> Permit
5. ICMP from any IP address to local tunnel endpoint -> Permit
Note:
This allows Path MTU Discovery (PMTUD) to work.
6. All allowed services from any IP address to any local subnet -> Permit
Note:
Due to the definition of the VPN policy, this traffic is accepted only if it arrives over ESP.
7. Default -> Deny
Egress:
1. IKE from Branch IP to Main Office IP -> Permit
2. ESP from Branch IP to Main Office IP -> Permit
3. IKE from Branch IP to Second Branch IP -> Permit
4. ESP from Branch IP to Second Branch IP -> Permit
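The following is an added example, not configuration from the Avaya manual and not the gateway's CLI: a small Python model of the branch-office rules above, so that the interaction between the ingress ACL and the VPN policy can be exercised. The addresses, subnets and the set of "allowed services" are constructed assumptions, and the ACL is modelled with first-match semantics and a default deny, as rules 1 to 7 are listed. The model shows two points the text makes but does not demonstrate: that the second-spoke selector of the VPN policy must come before the "to any" selector (otherwise spoke-to-spoke traffic is sent to the hub), and that a cleartext packet from the Internet which matches ACL rule 6 is still discarded, because the IPsec policy expects that traffic to arrive inside ESP.

```python
"""Added example: first-match model of the branch-office ingress ACL and
VPN policy. Addresses, subnets and ALLOWED_SERVICES are constructed
assumptions, not values from the Avaya G250 manual."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

BRANCH_IP = ipaddress.ip_address("203.0.113.10")         # local tunnel endpoint (assumed)
MAIN_OFFICE_IP = ipaddress.ip_address("198.51.100.1")    # VPN hub (assumed)
SECOND_BRANCH_IP = ipaddress.ip_address("203.0.113.50")  # the other spoke (assumed)
LOCAL_SUBNETS = [ipaddress.ip_network("10.1.0.0/24")]
SECOND_SPOKE_SUBNETS = [ipaddress.ip_network("10.2.0.0/24")]
ALLOWED_SERVICES = {("udp", 5060), ("tcp", 5060), ("tcp", 22)}  # assumed "allowed services"


@dataclass
class Packet:
    proto: str                  # "udp", "tcp", "esp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None
    via_esp: bool = False       # True once IPsec has decapsulated the packet


def in_any(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def is_ike(p: Packet) -> bool:
    # IKE runs over UDP/500; UDP/4500 is used when NAT traversal is in play.
    return p.proto == "udp" and p.dport in (500, 4500)


def ingress_acl(p: Packet) -> str:
    """Ingress rules 1-7, first match wins; rule 7 is the default deny."""
    src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
    rules = [
        lambda: is_ike(p) and src == MAIN_OFFICE_IP and dst == BRANCH_IP,           # 1
        lambda: p.proto == "esp" and src == MAIN_OFFICE_IP and dst == BRANCH_IP,    # 2
        lambda: is_ike(p) and src == SECOND_BRANCH_IP and dst == BRANCH_IP,         # 3
        lambda: p.proto == "esp" and src == SECOND_BRANCH_IP and dst == BRANCH_IP,  # 4
        lambda: p.proto == "icmp" and dst == BRANCH_IP,                             # 5 (PMTUD)
        lambda: (p.proto, p.dport) in ALLOWED_SERVICES and in_any(p.dst, LOCAL_SUBNETS),  # 6
    ]
    return "permit" if any(rule() for rule in rules) else "deny"


def egress_vpn_peer(p: Packet) -> Optional[str]:
    """VPN policy on the Internet interface egress. The second-spoke selector is
    evaluated before the catch-all 'to any' selector; if the two were swapped,
    every packet from the local subnets would be tunnelled to the hub and the
    topology would degrade to hub-and-spoke."""
    if not in_any(p.src, LOCAL_SUBNETS):
        return None                      # not covered by the policy
    if in_any(p.dst, SECOND_SPOKE_SUBNETS):
        return "second_spoke"
    return "hub"


def inbound_spd(p: Packet) -> str:
    """Inbound IPsec policy check, the mirror of the egress VPN policy: traffic
    addressed to a local subnet is expected inside ESP from the hub or the second
    spoke, so a cleartext copy arriving from the Internet is discarded even though
    ACL rule 6 permitted it."""
    if in_any(p.dst, LOCAL_SUBNETS) and not p.via_esp:
        return "discard"
    return "pass"


def branch_ingress(p: Packet) -> str:
    """ACL first, then IPsec policy; returns the final verdict for one packet."""
    if ingress_acl(p) == "deny":
        return "denied by ACL"
    if inbound_spd(p) == "discard":
        return "permitted by ACL, discarded by IPsec policy"
    return "accepted"


if __name__ == "__main__":
    samples = [
        Packet("esp", "198.51.100.1", "203.0.113.10"),               # ESP from hub
        Packet("udp", "192.0.2.77", "203.0.113.10", 500),            # IKE from a stranger
        Packet("icmp", "192.0.2.77", "203.0.113.10"),                # PMTUD to the endpoint
        Packet("tcp", "192.0.2.77", "10.1.0.5", 5060),               # cleartext SIP from Internet
        Packet("tcp", "10.2.0.5", "10.1.0.5", 5060, via_esp=True),   # SIP decapsulated from spoke
    ]
    for pkt in samples:
        print(f"{pkt.proto:4} {pkt.src:>14} -> {pkt.dst:<14} {branch_ingress(pkt)}")
    for pkt in (Packet("udp", "10.1.0.5", "10.2.0.9", 5060), Packet("tcp", "10.1.0.5", "198.51.100.200", 443)):
        print(f"egress {pkt.src} -> {pkt.dst}: peer = {egress_vpn_peer(pkt)}")
```

Rule 6 is deliberately wide at the ACL layer; the security of the design rests on the IPsec policy rejecting unprotected traffic that matches a protect selector, so both checks must be in place before the branch is exposed. Rule 5 admits all ICMP to the tunnel endpoint although PMTUD only needs Destination Unreachable (Fragmentation Needed) messages; whether the rule can be narrowed to those types depends on what the platform's ACL syntax allows and is not stated on this page.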
Configuring Typical installations    Issue 1.1 June 2005    397