Avaya G430 Manual page 537

Administering branch gateway

Configuring the VPN DNS topology
Procedure
1. Define the private VLAN1 and VLAN2 interfaces (IP address and mask), and define one of them as the PMI and ICC-VLAN.
2. Define the public FastEthernet10/3 interface (IP address and mask).
3. Define the default gateway (the IP of the next router).
4. Define the DNS name-server-list and the IP address of the DNS server.
   Note:
   Alternatively, you can use DHCP Client or PPPoE to dynamically learn the DNS server's IP address. Use the ip dhcp client request command when using DHCP client, or use the ppp ipcp dns request command when using PPPoE.
5. Define the ISAKMP policy, using the crypto isakmp policy command.
6. Define the remote peer with FQDN, using the crypto isakmp peer address command, including:
   • the pre-shared key
   • the ISAKMP policy
7. Define the IPSEC transform-set, using the crypto ipsec transform-set command.
8. Define the crypto map, using the crypto map command.
9. Define the crypto list as follows:
   a. Set the local address to the public interface name (for example, FastEthernet 10/3.0)
   b. For each private interface, define an ip-rule using the following format:
      • source-ip <private subnet> <private subnet wildcard mask>. For example, 10.10.10.0 0.0.0.255
      • destination-ip any
      • protect crypto map 1
10. Define the ingress access control list (ACL) to protect the device from incoming traffic from the public interface, as follows:
   a. Permit DNS traffic to allow clear (unencrypted) DNS traffic
   b. Permit IKE traffic (UDP port 500) for VPN control traffic (IKE)
   c. Permit ESP traffic (IP Protocol ESP) for VPN data traffic (IPSEC)
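
The crypto-list rules of step 9 and the ingress ACL of step 10, modelled in Python as an added example (not from the Avaya manual, and not G430 CLI syntax). The subnets, the sample ACL and all function names are constructed; it assumes DNS over UDP port 53, ESP as IP protocol 50, and that anything the ACL does not permit is denied.

```python
import ipaddress

# Constructed private subnets standing in for VLAN1 and VLAN2.
PRIVATE_SUBNETS = ["10.10.10.0/24", "10.10.20.0/24"]

# Step 10 permits as (name, IP protocol, UDP port); None means no port.
# Assumptions: DNS on UDP 53, ESP is IP protocol 50, everything else denied.
INGRESS_PERMITS = [("dns", 17, 53), ("ike", 17, 500), ("esp", 50, None)]


def crypto_list_rules(subnets):
    """Step 9b: one ip-rule per private subnet, source as network + wildcard mask."""
    rules = []
    for cidr in subnets:
        net = ipaddress.ip_network(cidr)
        rules.append({
            "source-ip": f"{net.network_address} {net.hostmask}",
            "destination-ip": "any",
            "action": "protect crypto map 1",
        })
    return rules


def ingress_decision(proto, src_port=None, dst_port=None):
    """Name of the step 10 permit a packet matches, or 'deny'.

    A UDP permit matches on either port, so replies from the DNS server
    (source port 53) are accepted as well as IKE (500 on both sides).
    """
    for name, p, port in INGRESS_PERMITS:
        if proto == p and (port is None or port in (src_port, dst_port)):
            return name
    return "deny"


def audit_ingress(configured):
    """Return configured permits that go beyond the three in step 10."""
    allowed = {(p, port) for _, p, port in INGRESS_PERMITS}
    return [e for e in configured if (e[1], e[2]) not in allowed]


if __name__ == "__main__":
    for rule in crypto_list_rules(PRIVATE_SUBNETS):
        print(rule)
    # Constructed ACL with one extra permit (Telnet, TCP 23) left in by mistake.
    sample = INGRESS_PERMITS + [("telnet", 6, 23)]
    print("extra permits:", audit_ingress(sample))
    print(ingress_decision(17, src_port=53, dst_port=40000))  # dns
    print(ingress_decision(6, src_port=50000, dst_port=22))   # deny
```
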
Administering Avaya G430 Branch Gateway, IPSec VPN, October 2013
