Configuring Isakmp Peer Information - Avaya G250 Administration
Media gateways
Hide thumbs
Also See for G250:
- Administration manual (840 pages) ,
- Reference (812 pages) ,
- Administration (620 pages)
Table of Contents
Advertisement
Configuring IPSec VPN
Use the mode command to set the IPSec mode (tunnel or transport).
●
Transport mode does not add an additional IP header (i.e., a tunnel header), but
rather uses the original packet's header. However, it can be used only when the VPN
tunnel endpoints are equivalent to the original packet's source and destination IP
addresses. This is generally the case when using GRE over IPSec. Note that
transport mode cannot be used unless the remote VPN peer supports that mode
and was configured to use it.
G350-001001(config-transform:ts1ts1)# set pfs group2
Done!
G350-001(config-transform:ts1)# set security-association lifetime seconds
7200
Done!
G350-001(config-transform:ts1)# set security-association lifetime
kilobytes 268435456
G350-001(config-transform:ts1)# mode tunnel
Done!
3. Exit the crypto transform-set context using the exit command.
G350-001(config-transform:ts1)# exit
G350-001#
Configuring ISAKMP peer information
ISAKMP peer information defines the remote peer identification, the pre-shared key used for
peer authentication, and the ISAKMP policy to be used for IKE phase 1 negotiations between
the peers.
!
Important:
It is mandatory to define at least one ISAKMP peer.
Important:
Note:
You can define up to 100 ISAKMP peers.
Note:
1. Use the crypto isakmp peer command, followed by the address of the ISAKMP peer
or its FQDN (Fully Qualified Domain Name), to enter the context of an ISAKMP peer (and
to create the peer if it does not exist).
Note:
If you wish to specify the ISAKMP peer by its FQDN name, you must configure
Note:
the G250/G350 as a DNS client (see
that the peer's name is listed in a DNS server.
458 Administration for the Avaya G250 and Avaya G350 Media Gateways
DNS Resolver
on page 77), and make sure
Advertisement
Table of Contents
