Avaya G250 Administration page 486


Configuring IPSec VPN
486 Administration for the Avaya G250 and Avaya G350 Media Gateways

Table 62: Configuring the mesh VPN topology - branch 1 (continued) (2 of 2)

| Traffic Direction | ACL parameter | ACL value | Description |
|---|---|---|---|
| Egress | IKE from Branch IP to Second Branch IP | Permit | This allows the PMTUD application to work. |
| Egress | ESP from Branch IP to Second Branch IP | Permit | This traffic is tunnelled using VPN. |
| Egress | ICMP from local tunnel endpoint to any IP address | Permit | This allows the PMTUD application to work. |
| Egress | All allowed services from any local subnet to any IP address | Permit | This traffic is tunnelled using VPN. |
| Egress | Default | Deny | - |

2. Configure branch office 2 as follows:

The default gateway is the Internet interface.

VPN policy is configured on the Internet interface egress as follows:
- Traffic from the local subnets to the First Spoke subnets -> encrypt, using tunnel mode IPSec, with the remote peer being the First Spoke.
- Traffic from the local subnets to any IP address -> encrypt, using tunnel mode IPSec, with the remote peer being the Main Office (VPN hub)

An access control list (ACL) is configured on the Internet interface to allow only the VPN / ICMP traffic. See Table 63 for configuration settings.

Note:
For information about using access control lists, see Chapter 20: Configuring policy on page 531.

Table 63: Configuring the mesh VPN topology - branch 2 (1 of 2)

| Traffic Direction | ACL parameter | ACL value | Description |
|---|---|---|---|
| Ingress | IKE from Main Office IP to Branch IP | Permit | - |
| Ingress | ESP from Main Office IP to Branch IP | Permit | - |
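
The branch office 2 egress VPN policy described on this page, modelled as an ordered rule list (an added example, not taken from the Avaya manual and not gateway configuration). It assumes the rules are evaluated in the listed order with the first match selecting the remote peer; the subnets and the names `select_peer` and `shadowed_rules` are constructed for illustration.

```python
"""Added illustration: ordered VPN policy lookup for branch office 2."""
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    peer: str  # remote tunnel endpoint for tunnel-mode IPSec


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


# Constructed addressing, not from the manual.
LOCAL = net("10.2.0.0/16")        # branch office 2 local subnets
FIRST_SPOKE = net("10.1.0.0/16")  # First Spoke subnets
ANY = net("0.0.0.0/0")

# Egress policy in the order the page lists it: specific rule, then catch-all.
POLICY = [
    Rule(LOCAL, FIRST_SPOKE, "First Spoke"),
    Rule(LOCAL, ANY, "Main Office (VPN hub)"),
]


def select_peer(policy, src: str, dst: str) -> Optional[str]:
    """Return the peer of the first rule matching src/dst, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if s in rule.src and d in rule.dst:
            return rule.peer
    return None  # no rule matched: not covered by the VPN policy


def shadowed_rules(policy):
    """Rules that can never match because an earlier rule covers them."""
    return [
        later for i, later in enumerate(policy)
        if any(later.src.subnet_of(e.src) and later.dst.subnet_of(e.dst)
               for e in policy[:i])
    ]


if __name__ == "__main__":
    print(select_peer(POLICY, "10.2.5.9", "10.1.7.20"))     # spoke-to-spoke
    print(select_peer(POLICY, "10.2.5.9", "198.51.100.7"))  # everything else
    print(shadowed_rules(list(reversed(POLICY))))           # misordered policy
```

With the two rules reversed, the catch-all rule shadows the First Spoke rule and spoke-to-spoke traffic is sent to the hub instead of directly to the other branch, which `shadowed_rules` reports.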


This manual is also suitable for:

G350
