Using Dynamic Local Peer Ip - Avaya G250 Administration

Configuring IPSec VPN

Using dynamic local peer IP

When the number of static IP addresses in an organization is limited, the ISP allocates
temporary IP addresses to computers wishing to communicate over IP. These temporary
addresses are called dynamic IP addresses.
The G250/G350 IPSec VPN feature provides dynamic local peer IP address support. To work
with dynamic local peer IP, you must first configure some prerequisites and then instruct the
G250/G350 to learn the IP address dynamically using either PPPoE or DHCP Client.
Note:
When working with dynamic local peer IP, you must make sure that it is the G250/
Note:
G350 that initiates the VPN connection. The VPN peer cannot initiate the
connection since it does not know the G250/G350's IP address.
To maintain the G250/G350 as the initiator, you can:
Prerequisites for dynamic local peer IP
Specify IKE aggressive mode using the initiate mode aggressive command when
●
entering the ISAKMP peer information (see
page 458). For example:
G350-001(config-peer:149.49.70.1)# initiate mode aggressive
Done!
Specify the local device by its FQDN name, using the self-identity command, when
●
entering the ISAKMP peer information (see
page 458). For example:
G350-001(config-peer:149.49.70.1)# self-identity fqdn vpn.avaya.com
Done!
Specify the local address by name in the ip crypto-lists, using the local-address
●
command (see
by interface name. For example:
G350-001(Crypto 901)# local-address FastEthernet 10/2
Done!
480 Administration for the Avaya G250 and Avaya G350 Media Gateways
- Specify continuous channel in the context of the VPN peer, to maintain
the IKE phase 1 connection even when no traffic is sent (see
continuous channel
- Maintain a steady transmission of traffic by sending GRE keepalives or
employing object tracking.
Configuring crypto-lists
on page 483), or
Configuring ISAKMP peer information
Configuring ISAKMP peer information
on page 464). You must specify the local address
Enabling
on
on