Avaya G250 Administration page 620

Media gateways

Hide thumbs Also See for G250:

Table of Contents

40. Configure IKE phase 1 (ISAKMP policy) using the crypto isakmp policy command.

Diffie-Hellman group 2, 5 or 14. You may not specify Diffie-Hellman group 1.

3DES, AES-128, AES-192, or AES-256.

Use DES only for communication with legacy products that do not support AES or

G350-N(super)# crypto isakmp policy 1

G350-N(super-isakmp:1)# encryption 3des

G350-N(super-isakmp:1)# hash sha

G350-N(super-isakmp:1)# group 2

G350-N(super-isakmp:1)# exit

41. Configure VPN peers using the crypto isakmp peer command.

Existing VPN peers need new pre-shared keys, defined using the

pre-shared-key command. For the permissible key length see

G350-N(super)# crypto isakmp peer address 20.0.0.2

G350-N(super-peer:20.0.0.2)# pre-shared-key preshared_key1

G350-N(super-peer:20.0.0.2)# isakmp-policy 1

G350-N(super-peer:20.0.0.2)# keepalive 10 retry 5 periodic

G350-N(super-peer:20.0.0.2)# exit

42. Configure IPSec transform-sets using the crypto ipsec transform-set command.

G350-N# crypto ipsec transform-set ts1 esp-3des esp-sha-hmac comp-lzs

G350-N(config-transform:ts1)# exit

43. Configure Crypto Maps using the crypto map command.

G350-N# crypto map 1

G350-N(super-crypto:1)# set transform-set ts1

G350-N(super-crypto:1)# set peer 20.0.0.2

G350-N(crypto-map)# exit

620 Administration for the Avaya G250 and Avaya G350 Media Gateways

on page 604.