• To configure a static IP address:
- Be sure to specify an IP address (not an interface name) as the
local-
address
on page 495)
- Within the interface context, specify the IP address and mask using the
ip address
command
For example:
Gxxx-001(config-if:FastEthernet 10/3)# ip address 192.168.49.1
25.255.255.0
• To configure a dynamic IP address, see
509
3. Use the
ip crypto-group
command, followed by the index of the crypto-group,
to assign a crypto-group to the interface.
Important:
ip crypto-group
is a mandatory command.
4. Optionally, you can set the following parameters:
• The
crypto ipsec minimal-pmtu
command is intended for advanced
users only. It sets the minimal PMTU value which can be applied to an SA
when the Branch Gateway participates in Path MTU Discovery (PMTUD) for
the tunnel pertaining to that SA.
• The
crypto ipsec df-bit
command is intended for advanced users only.
It sets the Do Not Fragment (DF) bit to either clear or copy mode:
- copy. The DF bit of the encapsulated packet is copied from the original
packet, and PMTUD is maintained for the IPSec tunnel.
- clear. The DF bit of the encapsulated packet is never set, and PMTUD is
not maintained for the IPSec tunnel. Packets traversing an IPSec tunnel
are pre-fragmented according to the MTU of the SA, regardless of their
DF bit. In case packets are fragmented, the DF bit is copied to every
fragment of the original packet.
For example:
Gxxx-001(config-if:FastEthernet 10/3)# ip crypto-group 901
Done!
Gxxx-001(config-if:FastEthernet 10/3)# crypto ipsec minimal pmtu 500
Done!
Gxxx-001(config-if:FastEthernet 10/3)# crypto ipsec df-bit copy
Done!
5. Exit the interface context with the
exit
command.
IPSec VPN
Administering Avaya G430 Branch Gateway
October 2013 501
Summary of Contents for G430
Page 1: ...Administering Avaya G430 Branch Gateway Release 6 3 03 603228 Issue 5 October 2013 ...
Page 12: ...12 Administering Avaya G430 Branch Gateway October 2013 ...
Page 246: ...VoIP QoS 246 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...
Page 556: ...IPSec VPN 556 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...