Avaya IP Office (R3.0) User Manual page 39

Task
Step 6
For IP Office A perform the
following.
IPSec Policies tab
• Protocol = ESP
• Encryption = DES
• Authentication = MD5
• Life Type = Seconds
• Life = 86400
Step 7
For IP Office B create an IPSec
tunnel.
Main tab
• Name = IPSec_Tunnel
• Local IP Address = 192.168.50.0
• Local IP Mask = 255.255.255.0
• Gateway - <LocalInterface>
• Remote IP Address =
192.168.43.0
• Remote IP Mask = 255.255.255.0
• Gateway = 217.37.65.126
Step 8
For IP Office B use the parameters
shown in Steps 5 and 6 to complete
the IKE and IPSec form
configurations.
Step 9
Check to see if the tunnel is up.
Step 10
For VoIP configuration refer to Part
3 VoIP Configuration on page 53
IP Office (R3.0) Virtual Private Networking
40DHB0002UKER Issue 3 (4th February 2005)
Configuration Examples - Page 39
Description
Protocol set to Encapsulating Security Payload.
Encryption set to DES
Authentication set to MD5
This is the time period before a new key is generated
(86400 represents one day in seconds).
A unique name for the IPSec tunnel is required.
The Local IP Address/Mask is the range of IP
addresses you want to secure through the tunnel.
The Remote IP Address is the remote networks IP
address range to be secured through the tunnel.
The Gateway is the IPSec tunnel endpoint address.
In order for an IPSec SA to be established between
two systems the IKE and IPSec Policies form must be
identical for each peer.
Using a protocol analyzer, check to see that the six
ISAKMP Main Mode messages appear.
Check to see that four Quick Mode messages appear.
This Signifies that the IPSec Tunnel is up.
When passing data through the tunnel you should see
ESP packets on the protocol analyzer.
The tunnel will be activated when routable traffic is
presented.
Before beginning the VoIP configurations for this
example it must be possible to ping between the
Internal LANs
Do not proceed until all tests are successful.
Configuration Examples - Page 39
Part 2: VPN configuration