Avaya G250 Administration page 398

Configuring IPSec VPN
5. ICMP from local tunnel endpoint to any IP address -> Permit
   Note: This allows the PMTUD application to work.
6. All allowed services from any local subnet to any IP address -> Permit
   Note: This traffic is tunnelled using VPN.
7. Default -> Deny
2. Configure branch office 2 as follows:
- The default gateway is the Internet interface.
- VPN policy is configured on the Internet interface egress as follows:
  - Traffic from the local subnets to the First Spoke subnets -> encrypt, using tunnel mode IPSec, with the remote peer being the First Spoke.
  - Traffic from the local subnets to any IP address -> encrypt, using tunnel mode IPSec, with the remote peer being the Main Office (VPN hub).
- An access control list (ACL) is configured on the Internet interface to allow only the VPN / ICMP traffic, as follows:
Note: For information about using access control lists, see Chapter 19: Configuring policy on page 441.
Ingress:
1. IKE from Main Office IP to Branch IP -> Permit
2. ESP from Main Office IP to Branch IP -> Permit
3. IKE from First Branch IP to Branch IP -> Permit
4. ESP from First Branch IP to Branch IP -> Permit
5. ICMP from any IP address to local tunnel endpoint -> Permit
   Note: This allows PMTUD application to work.
6. All allowed services from any IP address to any local subnet -> Permit
   Note: Due to the definition of the VPN Policy, this will be allowed only if traffic comes over ESP.
7. Default -> Deny

398 Administration for the Avaya G250 and Avaya G350 Media Gateways
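
The ingress ACL for branch office 2 and the note on rule 6, modelled as a first-match evaluator. This is an added example, not Avaya code or gateway configuration. The addresses, the function names, the treatment of "all allowed services" as any protocol, and the way the VPN policy check is layered on top of the ACL are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation/private ranges), not from the manual.
MAIN_OFFICE = "192.0.2.1"
FIRST_BRANCH = "198.51.100.1"
BRANCH = "203.0.113.1"        # local tunnel endpoint of branch office 2
LOCAL_SUBNET = "10.2.0.0/24"
ANY = "0.0.0.0/0"

# Ingress ACL in the order listed above: (protocol, source, destination).
# "any" stands in for "all allowed services" (assumption).
INGRESS_ACL = [
    ("ike", MAIN_OFFICE, BRANCH),
    ("esp", MAIN_OFFICE, BRANCH),
    ("ike", FIRST_BRANCH, BRANCH),
    ("esp", FIRST_BRANCH, BRANCH),
    ("icmp", ANY, BRANCH),
    ("any", ANY, LOCAL_SUBNET),
]

def acl_rule(proto, src, dst):
    """Return the number of the first matching rule; 7 is Default -> Deny."""
    for n, (r_proto, r_src, r_dst) in enumerate(INGRESS_ACL, start=1):
        if (r_proto in ("any", proto)
                and ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)):
            return n
    return 7

def ingress_verdict(proto, src, dst, decrypted_from_esp=False):
    """Combine the ACL with the VPN policy effect described in the rule 6 note."""
    rule = acl_rule(proto, src, dst)
    if rule == 7:
        return "deny (rule 7)"
    # Assumed model of the VPN policy: traffic for a protected local subnet
    # is accepted only when it arrived inside an ESP tunnel.
    if rule == 6 and not decrypted_from_esp:
        return "drop (VPN policy: not over ESP)"
    return f"permit (rule {rule})"

if __name__ == "__main__":
    # Constructed sample packets: a tunnelled flow, the same flow in clear
    # text, and ESP from a peer that is neither the hub nor the first spoke.
    print(ingress_verdict("tcp", "10.1.0.5", "10.2.0.20", decrypted_from_esp=True))
    print(ingress_verdict("tcp", "10.1.0.5", "10.2.0.20"))
    print(ingress_verdict("esp", "198.18.0.9", BRANCH))
```

Rule 6 on its own matches clear-text traffic addressed to a local subnet, so in this model the restriction to the two known peers comes from rules 1 to 4 together with the VPN policy, not from rule 6.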
