Avaya G430 Manual page 509

ip-rule default
exit
interface vlan 1.1
ip-address <Branch Subnet1> <Branch Subnet1 Mask>
pmi
icc-vlan
exit
interface vlan 1.2
ip-address <Branch Subnet2> <Branch Subnet2 Mask>
exit
interface FastEthernet 10/3
encapsulation PPPoE
traffic-shape rate 256000
ip Address
network mask>
ip crypto-group
ip access-group
ip access-group
exit
ip default-gateway
When the number of static IP addresses in an organization is limited, the ISP allocates
temporary IP addresses to computers wishing to communicate over IP. These temporary
addresses are called dynamic IP addresses.
The Branch Gateway IPSec VPN feature provides dynamic local peer IP address support. To
work with dynamic local peer IP, you must first configure some prerequisites and then instruct
the Branch Gateway to learn the IP address dynamically using either PPPoE or DHCP
client.
Note:
When working with dynamic local peer IP, you must verify that it is the Branch Gateway that
initiates the VPN connection. The VPN peer cannot initiate the connection since it does not
know the Branch Gateway's IP address. To maintain the Branch Gateway as the initiator,
do one of the following:
• Specify continuous channel in the context of the VPN peer, to maintain the IKE phase
1 connection even when no traffic is sent (see
• Maintain a steady transmission of traffic by sending GRE keepalives or employing object
tracking.
Related topics:
Prerequisites for dynamic local peer IP
Configuring dynamic local peer IP on a PPPoE interface
Configuring dynamic local peer IP for a DHCP Client
Administering Avaya G430 Branch Gateway
destination-ip any
source-ip host <Branch Subnet2> <Branch Subnet2 Mask>
composite-operation Permit
exit
composite-operation deny
exit
<Branch Office Public Internet Static IP Address>
FastEthernet 10/3 high
Dynamic local peer IP
<Branch Office Public Internet
901
301 in
302 out
Continuous channel
on page 510
on page 511
on page 512).
on page 510
October 2013
IPSec VPN
509