Avaya G430 Manual page 538

IPSec VPN
   d. Permit ICMP traffic, to support PMTU (path MTU) discovery, for a better fragmentation process.
   e. For each private subnet, add a permit rule with the destination being the private subnet and the source being any.
      This traffic will be allowed only if it tunnels under the VPN, because of the crypto list.
   f. Define all other traffic (default rule) as deny in order to protect the device from non-secure traffic.
11. Define the egress access control list to protect the device from sending traffic that is not allowed to the public interface (optional):
   a. Permit DNS traffic to allow clear (unencrypted) DNS traffic.
   b. Permit IKE traffic (UDP port 500) for VPN control traffic (IKE).
   c. Permit ESP traffic (IP protocol ESP) for VPN data traffic (IPsec).
   d. Permit ICMP traffic, to support PMTU (path MTU) discovery, for a better fragmentation process.
   e. For each private subnet, add a permit rule with the source being the private subnet and the destination being any.
   f. Define all other traffic (default rule) as deny in order to protect the device from sending non-secure traffic.
12. Activate the crypto list, the ingress access control list, and the egress access control list on the public interface.

VPN DNS topology example
!
! Define the Private Subnet1
!
interface vlan 1
description "Branch Subnet1"
ip address 10.0.10.1 255.255.255.0
icc-vlan
pmi
exit
!
! Define the Private Subnet2
!
interface vlan 2
description "Branch Subnet2"
ip address 10.0.20.1 255.255.255.0
exit
!
! Define the Public Subnet
!
interface fastethernet 10/3
ip address 100.0.0.2 255.255.255.0
exit

538
Administering Avaya G430 Branch Gateway
Comments? infodev@avaya.com
October 2013
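The ingress and egress access control lists described in steps 10 and 11, modelled as a first-match packet filter over the topology example's subnets and checked against constructed sample packets. This is an added example, not Avaya's code or G430 CLI; the peer address 200.0.0.5, treating DNS as UDP/53, and matching a port rule on either end of the flow are assumptions.

```python
from ipaddress import ip_address, ip_network

# Topology values taken from the manual's example: private subnets
# 10.0.10.0/24 and 10.0.20.0/24 behind the public interface 100.0.0.2/24.
PRIVATE_SUBNETS = [ip_network("10.0.10.0/24"), ip_network("10.0.20.0/24")]
ANY = ip_network("0.0.0.0/0")
ICMP, TCP, UDP, ESP = 1, 6, 17, 50      # IANA IP protocol numbers
IKE_PORT, DNS_PORT = 500, 53            # DNS modelled as UDP/53 (assumption)


def build_acl(direction):
    """First-match rule list mirroring the manual's steps: ingress permits
    traffic *to* each private subnet, egress permits traffic *from* it.
    Rule shape: (ip_proto, udp_port, src_net, dst_net, action)."""
    rules = [
        (UDP, DNS_PORT, ANY, ANY, "permit"),   # a. clear (unencrypted) DNS
        (UDP, IKE_PORT, ANY, ANY, "permit"),   # b. IKE control traffic
        (ESP, None, ANY, ANY, "permit"),       # c. ESP data traffic
        (ICMP, None, ANY, ANY, "permit"),      # d. ICMP, needed for PMTU
    ]
    for net in PRIVATE_SUBNETS:                # e. one rule per private subnet
        src, dst = (ANY, net) if direction == "ingress" else (net, ANY)
        rules.append((None, None, src, dst, "permit"))
    rules.append((None, None, ANY, ANY, "deny"))  # f. default rule: deny
    return rules


def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Return the action of the first rule matching a packet. A port rule
    matches on either end so that replies are covered too (assumption)."""
    s, d = ip_address(src), ip_address(dst)
    for r_proto, r_port, r_src, r_dst, action in acl:
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port not in (sport, dport):
            continue
        if s in r_src and d in r_dst:
            return action
    return "deny"   # unreachable with the default rule, kept for safety


if __name__ == "__main__":
    ingress, egress = build_acl("ingress"), build_acl("egress")
    # Constructed sample packets; 200.0.0.5 stands in for the VPN peer.
    print(evaluate(ingress, UDP, "200.0.0.5", "100.0.0.2", 500, 500))     # permit
    print(evaluate(ingress, TCP, "200.0.0.5", "100.0.0.2", 40000, 22))    # deny
    print(evaluate(ingress, TCP, "200.0.0.5", "10.0.10.7", 40000, 445))   # permit
    print(evaluate(egress, TCP, "10.0.20.9", "203.0.113.10", 40000, 443)) # permit
    print(evaluate(egress, TCP, "100.0.0.2", "203.0.113.10", 40000, 80))  # deny
```

The third sample packet shows why step 12 matters: the ingress ACL itself permits any source to reach a private subnet, and it is the crypto list activated on the public interface that restricts that traffic to the VPN tunnel.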