Avaya G250 Administration page 487


Table 63: Configuring the mesh VPN topology - branch 2 (continued)

| Traffic direction | ACL parameter | ACL value | Description |
|---|---|---|---|
| Ingress | IKE from First Branch IP to Branch IP | Permit | - |
| Ingress | ESP from First Branch IP to Branch IP | Permit | - |
| Ingress | ICMP from any IP address to local tunnel endpoint | Permit | This allows PMTUD application to work. |
| Ingress | All allowed services from any IP address to any local subnet | Permit | Due to the definition of the VPN Policy, this will be allowed only if traffic comes over ESP. |
| Ingress | Default | Deny | - |
| Egress | IKE from Branch IP to Main Office IP | Permit | - |
| Egress | ESP from Branch IP to Main Office IP | Permit | - |
| Egress | IKE from Branch IP to First Branch IP | Permit | This allows the PMTUD application to work. |
| Egress | ESP from Branch IP to First Branch IP | Permit | This traffic is tunnelled using VPN. |
| Egress | ICMP from local tunnel endpoint to any IP address | Permit | This allows the PMTUD application to work. |
| Egress | All allowed services from any local subnet to any IP address | Permit | This traffic is tunnelled using VPN. |
| Egress | Default | Deny | - |

3. Configure the VPN Hub (Main Office) as follows:
   - Static routing: Branch subnets -> Internet interface.
   - The VPN policy portion for the branch is configured as a mirror image of the branch, as follows:
     - Traffic from any IP address to branch local subnets -> encrypt, using tunnel mode IPSec.
     - The remote peer is the VPN Spoke (Branch Internet address).
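A first-match model of the ingress rows of Table 63 that appear on this page, as an added example that is not taken from the Avaya manual. The addresses are constructed, "all allowed services" is treated as any protocol, and rules are assumed to be evaluated in table order with Default last.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (documentation ranges); the page gives none.
BRANCH = "203.0.113.2"         # this branch's Internet address / tunnel endpoint
FIRST_BRANCH = "198.51.100.2"  # First Branch Internet address
LOCAL_SUBNET = "10.2.0.0/16"   # a local subnet behind this branch
ANY = "0.0.0.0/0"

@dataclass
class Rule:
    proto: str   # "ike" (UDP 500), "esp" (IP protocol 50), "icmp" or "any"
    src: str
    dst: str
    action: str

# Ingress rows from this page only; earlier rows of the table are not shown here.
INGRESS = [
    Rule("ike", FIRST_BRANCH, BRANCH, "permit"),
    Rule("esp", FIRST_BRANCH, BRANCH, "permit"),
    Rule("icmp", ANY, BRANCH, "permit"),       # keeps PMTUD working
    Rule("any", ANY, LOCAL_SUBNET, "permit"),  # assumption: any protocol
    Rule("any", ANY, ANY, "deny"),             # Default
]

def _within(addr, net):
    """True if addr lies inside net (a bare host address counts as a /32)."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(acl, proto, src, dst):
    """Return (1-based rule number, action) of the first matching rule."""
    for number, rule in enumerate(acl, 1):
        if (rule.proto in ("any", proto)
                and _within(src, rule.src) and _within(dst, rule.dst)):
            return number, rule.action
    return None, "deny"

if __name__ == "__main__":
    samples = [  # constructed test packets
        ("ike", FIRST_BRANCH, BRANCH),   # configured peer negotiating IKE
        ("ike", "192.0.2.77", BRANCH),   # IKE from a peer not in the ACL
        ("icmp", "192.0.2.77", BRANCH),  # e.g. a PMTUD message from a transit router
        ("tcp", "10.1.0.5", "10.2.0.9"), # service traffic to the local subnet
    ]
    for packet in samples:
        print(packet, "->", evaluate(INGRESS, *packet))
```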
Issue 3 February 2007
Typical installations


This manual is also suitable for:

G350
