Avaya G250 Administration page 497


Typical installations

VPN policy is configured on the Internet interface egress as follows:

Traffic from the local GRE tunnel endpoint to the remote GRE tunnel endpoint -> encrypt, using IPSec tunnel mode, with the remote peer being the Main Office.

An access control list (ACL) is configured on the Internet interface to allow only the VPN tunnel and ICMP traffic. See Table 64 for configuration settings.

Note: For information about using access control lists, see the chapter Configuring policy on page 531.

Table 64: Configuring hub-and-spoke with VPN

| Traffic direction | ACL parameter | ACL value | Description |
|---|---|---|---|
| Ingress | IKE (UDP/500) from remote tunnel endpoint to local tunnel endpoint | Permit | - |
| Ingress | ESP/AH from remote tunnel endpoint to local tunnel endpoint | Permit | - |
| Ingress | Remote GRE tunnel endpoint to local GRE tunnel endpoint | Permit | - |
| Ingress | Allowed ICMP from any IP address to local tunnel endpoint | Permit | - |
| Ingress | Default | Deny | - |
| Egress | IKE (UDP/500) from local tunnel endpoint to remote tunnel endpoint | Permit | - |
| Egress | Local GRE tunnel endpoint to remote GRE tunnel endpoint | Permit | - |
| Egress | All allowed services from any local subnet to any IP address | Permit | - |
| Egress | Allowed ICMP from local tunnel endpoint to any IP address | Permit | - |
| Egress | Default | Deny | - |
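The ingress rows of Table 64 can be sanity-checked by modeling them as an ordered rule list whose last row is the Default deny. The sketch below is an added example, not part of the Avaya manual and not gateway CLI; it assumes first-match evaluation in table order, and the addresses, the `Rule`, `evaluate` and `audit` names, the reading of the GRE row as IP protocol 47, and treating every ICMP type as "allowed" are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample addresses (documentation ranges), not values from the manual.
LOCAL_EP, REMOTE_EP = "192.0.2.10", "198.51.100.1"   # IPSec tunnel endpoints
LOCAL_GRE, REMOTE_GRE = "10.0.0.2", "10.0.0.1"       # GRE tunnel endpoints
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str
    src: str
    dst: str
    protos: Tuple[str, ...]
    dport: Optional[int] = None   # None = any port / not applicable

# Ingress rows of Table 64 in table order. The final "Default -> Deny" row
# is the fall-through in evaluate().
INGRESS = [
    Rule("permit", REMOTE_EP, LOCAL_EP, ("udp",), 500),   # IKE
    Rule("permit", REMOTE_EP, LOCAL_EP, ("esp", "ah")),   # IPSec payload
    Rule("permit", REMOTE_GRE, LOCAL_GRE, ("gre",)),      # assumed: IP protocol 47
    Rule("permit", ANY, LOCAL_EP, ("icmp",)),             # assumed: all ICMP types
]

def _in(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(rules, src, dst, proto, dport=None) -> str:
    """Return the action of the first matching rule, or 'deny' by default."""
    for r in rules:
        if (proto in r.protos and _in(src, r.src) and _in(dst, r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"

# Constructed probe packets: (src, dst, proto, dport)
PROBES = [
    (REMOTE_EP, LOCAL_EP, "udp", 500),        # IKE from the Main Office
    (REMOTE_EP, LOCAL_EP, "esp", None),       # encrypted tunnel traffic
    ("203.0.113.7", LOCAL_EP, "udp", 500),    # IKE from a host that is not the peer
    ("203.0.113.7", LOCAL_EP, "tcp", 22),     # cleartext service from the Internet
    ("203.0.113.7", LOCAL_EP, "icmp", None),  # ICMP is permitted from any address
    (REMOTE_EP, LOCAL_EP, "udp", 4500),       # a port not listed in Table 64
]

def audit(rules=INGRESS):
    """Evaluate every probe and return (probe, verdict) pairs."""
    return [(p, evaluate(rules, *p)) for p in PROBES]

if __name__ == "__main__":
    for probe, verdict in audit():
        print(f"{verdict:6} {probe}")
```

Only the peer's IKE, ESP/AH and GRE traffic plus ICMP pass; everything else, including IKE from any other source, falls through to the Default deny.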
Issue 3 February 2007
497


This manual is also suitable for:

G350
