Avaya G430 Manual page 501

3. Use the ip crypto-group command, followed by the index of the crypto-group,
4. Optionally, you can set the following parameters:
5. Exit the interface context with the exit command.
Administering Avaya G430 Branch Gateway
• To configure a static IP address:
- Be sure to specify an IP address (not an interface name) as the local-
address in the crypto list (see
- Within the interface context, specify the IP address and mask using the
ip address command
For example:
Gxxx-001(config-if:FastEthernet 10/3)# ip address 192.168.49.1
25.255.255.0
• To configure a dynamic IP address, see
509
to assign a crypto-group to the interface.
Important:
ip crypto-group is a mandatory command.
• The crypto ipsec minimal-pmtu command is intended for advanced
users only. It sets the minimal PMTU value which can be applied to an SA
when the Branch Gateway participates in Path MTU Discovery (PMTUD) for
the tunnel pertaining to that SA.
• The crypto ipsec df-bit command is intended for advanced users only.
It sets the Do Not Fragment (DF) bit to either clear or copy mode:
- copy. The DF bit of the encapsulated packet is copied from the original
packet, and PMTUD is maintained for the IPSec tunnel.
- clear. The DF bit of the encapsulated packet is never set, and PMTUD is
not maintained for the IPSec tunnel. Packets traversing an IPSec tunnel
are pre-fragmented according to the MTU of the SA, regardless of their
DF bit. In case packets are fragmented, the DF bit is copied to every
fragment of the original packet.
For example:
Gxxx-001(config-if:FastEthernet 10/3)# ip crypto-group 901
Done!
Gxxx-001(config-if:FastEthernet 10/3)# crypto ipsec minimal pmtu 500
Done!
Gxxx-001(config-if:FastEthernet 10/3)# crypto ipsec df-bit copy
Done!
Configuring crypto lists
Dynamic local peer IP
IPSec VPN
on page 495)
on page
October 2013 501