Allowed Managers - Avaya G250 Technical White Paper

19. Allowed Managers

There is no equivalent command on the G250/G350 to the G700 set allowed
managers. However, it is possible to define an access control list on the
loopback interface in which only certain IPs will be allowed to communicate
to the G250/G350. This ACL will be applied on all the G250/G350 interfaces.
20. Policy Based Routing Overview
Policy-based routing allows you to configure a routing scheme based on
traffic's source IP address, destination IP address, IP protocol, and other
characteristics. You can use policy-based routing (PBR) lists to determine
the routing of packets that match the rules defined in the list. Each PBR
list includes a set of rules, and each rule includes a next hop list. Each
next hop list contains up to 20 next hop destinations to which the G250/G350
sends packets that match the rule. A destination can be either an IP address
or an interface. Policy-based routing takes place only when the packet enters
the interface, not when it leaves. Policy-based routing takes place after the
packet is processed by the Ingress Access Control. Thus, the PBR list
evaluates the packet after the packet's DSCP field has been modified by the
Ingress QoS List.
The most common application for policy-based routing is to provide for
separate routing of voice and data traffic. It can also be used as a means to
provide backup routes for defined traffic types.
Although there are many possible applications for policy-based routing, the
most common application is to create separate routing for voice and data
traffic. For more information please see the Administration for the G250 and
G350 Gateways user documentation located at support.avaya.com web site.
20. VPN Applications
VPN (Virtual Private Network) defines a private secure connection between two
nodes on a public network such as the Internet. VPN at the IP level is
deployed using IPSec. IPSec (IP Security) is a standards-based set of
protocols defined by the IETF that provide privacy, integrity, and
authenticity to information transferred across IP networks.
The standard key exchange method employed by IPSec uses the IKE (Internet Key
Exchange) protocol to exchange key information between the two nodes (called
peers). Each peer maintains SAs (security associations) to maintain the
private secure connection. IKE operates in two phases:
● The Phase-1 exchange negotiates an IKE SA.
● The IKE SA created in Phase-1 secures the subsequent Phase-2 exchanges,
which in turn generate IPSec SAs. IPSec SAs secure the actual traffic between
the protected networks behind the peers, while the
GPW/AMK ©2005 Avaya Inc. All Rights Reserved. Avaya and the Avaya logo are trademarks of Avaya Inc. and
may be registered in certain jurisdictions. All trademarks identified by ® and ™ are registered
trademarks or trademarks respectively, of Avaya Inc. All other registered trademarks or trademarks
are property of their respective owners.
34
Avaya G250/G350
Media Gateway
Security Features
Overview