Avaya G430 Manual page 497

6. Exit ip-rule context with the exit command.
7. Repeat Steps 4 to 6 for every ip-rule you wish to define in the crypto list.
8. Exit crypto list context with the exit command.
Related topics:
Deactivating crypto lists to modify IPSec VPN parameters
Changing parameters of a crypto list.
About this task
Most IPSec VPN parameters cannot be modified if they are linked to an active crypto list.
Administering Avaya G430 Branch Gateway
how to secure the traffic. For instructions on configuring crypto maps, see
Configuring crypto maps
For example:
Gxxx-001(Crypto 901/ip rule 10)# description "vpn tunnel to uk
main office"
Done!
Gxxx-001(Crypto 901/ip rule 10)# source-ip 10.1.0.0 0.0.255.255
Done!
Gxxx-001(Crypto 901/ip rule 10)# destination-ip any
Done!
Gxxx-001(Crypto 901/ip rule 10)# protect crypto map 1
Done!
• For rules whose action is no protect, you can fine-tune the definition of
packets that match this rule by using the following commands. For a full
description of the commands see Avaya CLI Reference. Note that this fine-
tuning is not applicable for rules whose action is protect crypto map.
- ip-protocol. Specify the IP protocol to match.
- tcp. Specify the TCP settings to match.
- udp. Specify the UDP settings to match.
- icmp. Specify the ICMP protocol settings to match.
- dscp. Specify the DSCP to match.
- fragment. Specify whether this rule applies to non-initial fragments
only.
For example:
Gxxx-001(Crypto 901/ip rule 10)# exit
Gxxx-001(Crypto 901)#
For example:
Gxxx-001(Crypto 901)# exit
Gxxx-001#
Deactivating crypto lists to modify IPSec VPN parameters
on page 493.
on page 497
on page 498
IPSec VPN
October 2013 497