Avaya G430 Manual page 506

Administering branch gateway

IPSec VPN

• The default gateway is the Internet interface
• VPN policy is configured on the Internet interface egress as follows:
  - Traffic from the local subnets to any IP address is encrypted, using tunnel mode IPSec
  - The remote peer is the Main Office (the VPN Hub)
• An access control list (ACL) is configured on the Internet interface to allow only the VPN / ICMP traffic. See Simple VPN topology on page 506 for configuration settings.

2. Configure the VPN Hub (Main Office) as follows:
• Static routing: Branch subnets > Internet interface
• The VPN policy portion for the branch is configured as a mirror image of the branch, as follows:
  - Traffic from any to branch local subnets > encrypt, using tunnel mode IPSec
  - The remote peer is the VPN spoke (Branch Internet address)

Note:
For information about using access control lists, see Policy lists on page 557.

Simple VPN topology

| Traffic direction | ACL parameter | ACL value | Description |
|---|---|---|---|
| Ingress | IKE | Permit | - |
| Ingress | ESP | Permit | - |
| Ingress | ICMP | Permit | This enables the PMTUD application to work |
| Ingress | All allowed services from any IP address to any local subnet | Permit | Due to the definition of the VPN Policy, this will be allowed only if traffic comes over ESP |
| Ingress | Default VPN policy | Deny | - |
| Egress | IKE | Permit | - |
| Egress | ESP | Permit | - |
| Egress | ICMP | Permit | This enables the PMTUD application to work |
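
The ingress rows of the table can be modelled as a first-match rule list combined with the VPN policy's encrypt rule. The following is an added example, not Avaya code or G430 CLI; it is a simplified model of the behaviour the table describes, and the addresses, class and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (assumption, not taken from the manual).
LOCAL_SUBNET = ipaddress.ip_network("10.1.0.0/16")  # branch local subnet
GATEWAY_WAN = "203.0.113.10"                        # Internet interface address

@dataclass(frozen=True)
class Packet:
    proto: str                 # "udp", "tcp", "esp" or "icmp"
    dst: str
    dport: int = 0
    from_tunnel: bool = False  # True for an inner packet after ESP decapsulation

def to_local(pkt):
    """True if the packet is addressed to the protected local subnet."""
    return ipaddress.ip_address(pkt.dst) in LOCAL_SUBNET

def ingress_acl(pkt):
    """First-match walk over the ingress rows of the table."""
    if pkt.proto == "udp" and pkt.dport == 500:  # IKE uses UDP port 500
        return "permit", "IKE"
    if pkt.proto == "esp":
        return "permit", "ESP"
    if pkt.proto == "icmp":
        return "permit", "ICMP"
    if to_local(pkt):
        return "permit", "allowed services to local subnet"
    return "deny", "default"

def ingress_verdict(pkt):
    """ACL result combined with the VPN policy's encrypt rule."""
    action, rule = ingress_acl(pkt)
    # Traffic covered by the encrypt rule is accepted only if it came over ESP.
    if action == "permit" and to_local(pkt) and not pkt.from_tunnel:
        return "drop (cleartext traffic covered by VPN policy)"
    return f"{action} ({rule})"

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("udp", GATEWAY_WAN, 500),
        Packet("esp", GATEWAY_WAN),
        Packet("tcp", "10.1.2.3", 443, from_tunnel=True),
        Packet("tcp", "10.1.2.3", 443),
        Packet("tcp", GATEWAY_WAN, 22),
    ]
    for p in samples:
        print(p, "->", ingress_verdict(p))
```

The fourth sample shows why the broad "all allowed services" permit does not expose the local subnet to cleartext Internet traffic: the ACL matches, but the VPN policy rejects the packet because it did not arrive over ESP.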
October 2013
