Avaya G430 Manual page 515

Administering branch gateway
IPSec VPN

   • An access control list (ACL) is configured on the Internet interface to allow only the VPN / ICMP traffic. See step 2 for configuration settings.

     Note:
     For information about using access control lists, see Policy lists on page 557.

2. Configure Branch Office 2 as follows:

   • The default gateway is the Internet interface
   • VPN policy is configured on the Internet interface egress as follows:
     - Traffic from the local subnets to the First Spoke subnets -> encrypt, using tunnel mode IPSec, with the remote peer being the First Spoke
     - Traffic from the local subnets to any IP address -> encrypt, using tunnel mode IPSec, with the remote peer being the Main Office (VPN hub)
   • An ACL is configured on the Internet interface to allow only the VPN / ICMP traffic. See Mesh VPN topology – Branch Office 2 on page 516 for configuration settings.

     Note:
     For information about using access control lists, see Policy lists on page 557.

3. Configure the VPN Hub (Main Office) as follows:

   • Static routing: Branch subnets -> Internet interface
   • The VPN policy portion for the branch is configured as a mirror image of the branch, as follows:
     - Traffic from any IP address to branch local subnets -> encrypt, using tunnel mode IPSec
     - The remote peer is the VPN Spoke (Branch Internet address)

Mesh VPN topology – Branch Office 1

| Traffic direction | ACL parameter                          | ACL value | Description |
|-------------------|----------------------------------------|-----------|-------------|
| Ingress           | IKE from Main Office IP to Branch IP   | Permit    | -           |
| Ingress           | ESP from Main Office IP to Branch IP   | Permit    | -           |
| Ingress           | IKE from Second Branch IP to Branch IP | Permit    | -           |

Administering Avaya G430 Branch Gateway, October 2013
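The Branch Office 2 egress policy in step 2 depends on rule order: the First Spoke rule must be matched before the catch-all rule that sends everything else to the Main Office. The following is an added example, not taken from the Avaya manual, that models this selection and flags rules hidden by an earlier, broader one. All addresses are constructed, and first-match evaluation in list order is an assumption.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str   # source selector (CIDR)
    dst: str   # destination selector (CIDR)
    peer: str  # tunnel-mode IPSec remote peer

# Constructed addressing for illustration; none of it comes from the manual.
LOCAL = "10.2.0.0/24"               # Branch Office 2 local subnet
FIRST_SPOKE_NET = "10.1.0.0/24"     # Branch Office 1 (First Spoke) subnet
FIRST_SPOKE_PEER = "198.51.100.1"   # First Spoke Internet address
HUB_PEER = "192.0.2.1"              # Main Office (VPN hub) Internet address

# Egress policy from step 2, most specific rule first (assumed first-match).
BRANCH2_POLICY = [
    Rule(LOCAL, FIRST_SPOKE_NET, FIRST_SPOKE_PEER),
    Rule(LOCAL, "0.0.0.0/0", HUB_PEER),
]
# Same rules in the wrong order, to show the failure mode.
MISORDERED_POLICY = list(reversed(BRANCH2_POLICY))

def select_peer(policy, src: str, dst: str) -> Optional[str]:
    """Return the peer of the first rule matching src/dst, or None if no rule encrypts it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if s in ipaddress.ip_network(rule.src) and d in ipaddress.ip_network(rule.dst):
            return rule.peer
    return None

def shadowed_rules(policy):
    """Return indexes of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, rule in enumerate(policy):
        r_src, r_dst = ipaddress.ip_network(rule.src), ipaddress.ip_network(rule.dst)
        for earlier in policy[:i]:
            e_src, e_dst = ipaddress.ip_network(earlier.src), ipaddress.ip_network(earlier.dst)
            if r_src.subnet_of(e_src) and r_dst.subnet_of(e_dst):
                hidden.append(i)
                break
    return hidden

if __name__ == "__main__":
    print(select_peer(BRANCH2_POLICY, "10.2.0.10", "10.1.0.20"))
    print(shadowed_rules(MISORDERED_POLICY))
```

With the misordered list, spoke-to-spoke traffic is still encrypted but is sent to the hub instead of directly to the First Spoke, which is the condition `shadowed_rules` reports.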
