Configuring IPSec VPN
Ingress:
1. IKE (UDP/500) from remote tunnel endpoints to local tunnel endpoint -> Permit
2. ESP/AH from remote tunnel endpoint to local tunnel endpoint -> Permit
3. Allowed ICMP from any IP address to local tunnel endpoint -> Permit
4. Default -> Deny
Egress:
1. IKE (UDP/500) from local tunnel endpoint to remote tunnel endpoint -> Permit
2. All allowed services from any local subnet to any IP address -> Permit
3. Allowed ICMP from local tunnel endpoint to any IP address -> Permit
4. Default -> Deny
● Configure dynamic routing (OSPF or RIP) to run over local data interfaces (data VLANs) and on the GRE interfaces.
2. Configure the VPN Hubs (Main Offices) as follows:
● The VPN policy portion for the branch is configured as a mirror image of the branch.
● The ACL portion for the branch is a mirror image of the branch, with some minor modifications.
● The GRE tunnel interface is configured for the branch.
● Dynamic routing (OSPF or RIP) is configured to run over the GRE interface to the branch.
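
The ingress rule list above can be checked as a first-match model before it is entered on the gateway. The following is an added example, not gateway CLI and not part of the original guide; the addresses are constructed documentation addresses and the set of allowed ICMP types is an assumption, since the guide does not list them.

```python
from ipaddress import ip_address

# Constructed documentation addresses; not from the page.
LOCAL = ip_address("192.0.2.1")       # local tunnel endpoint
REMOTE = ip_address("198.51.100.1")   # remote tunnel endpoint
ALLOWED_ICMP = {0, 3, 8, 11}          # assumption: the page does not list the types
ICMP, UDP, ESP, AH = 1, 17, 50, 51    # IP protocol numbers

def from_peer(p):
    return p["src"] == REMOTE and p["dst"] == LOCAL

# Ingress rules in the page's order; the first matching rule decides.
INGRESS = [
    ("1 IKE", lambda p: from_peer(p) and p["proto"] == UDP and p["dport"] == 500, "permit"),
    ("2 ESP/AH", lambda p: from_peer(p) and p["proto"] in (ESP, AH), "permit"),
    ("3 ICMP", lambda p: p["dst"] == LOCAL and p["proto"] == ICMP
                         and p["icmp_type"] in ALLOWED_ICMP, "permit"),
    ("4 Default", lambda p: True, "deny"),
]

def packet(src, dst, proto, dport=None, icmp_type=None):
    return {"src": ip_address(src), "dst": ip_address(dst),
            "proto": proto, "dport": dport, "icmp_type": icmp_type}

def evaluate(acl, pkt):
    """Return (rule name, action) of the first rule that matches pkt."""
    for name, match, action in acl:
        if match(pkt):
            return name, action
    raise ValueError("ACL has no default rule")

# Constructed test traffic arriving on the public interface.
SAMPLES = {
    "IKE from peer": packet("198.51.100.1", "192.0.2.1", UDP, dport=500),
    "ESP from peer": packet("198.51.100.1", "192.0.2.1", ESP),
    "IKE from unknown host": packet("203.0.113.9", "192.0.2.1", UDP, dport=500),
    "cleartext Telnet from peer": packet("198.51.100.1", "192.0.2.1", 6, dport=23),
    "UDP/4500 from peer": packet("198.51.100.1", "192.0.2.1", UDP, dport=4500),
    "ICMP echo from anywhere": packet("203.0.113.9", "192.0.2.1", ICMP, icmp_type=8),
    "ICMP redirect": packet("203.0.113.9", "192.0.2.1", ICMP, icmp_type=5),
}

def audit(acl=INGRESS):
    return {label: evaluate(acl, pkt) for label, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, (rule, action) in audit().items():
        print(f"{label:28} -> {action:6} (rule {rule})")
```

Under these rules UDP/4500 (IKE NAT traversal) falls through to the default deny, so a peer behind NAT would need an additional permit rule. Cleartext traffic addressed to the tunnel endpoint is dropped even when it comes from the peer.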
418 Administration for the Avaya G250 and Avaya G350 Media Gateways