Configuring IPSec VPN
550 Administration for the Avaya G250 and Avaya G350 Media Gateways
●
Per-interface security policy with bypass capability
●
IPSec is integrated into the router and can be used with other features such as GRE
tunneling
●
Random pre-shared key generation service
●
Load balancing and resiliency achievable through integration with core routing features
such as backup interfaces and GRE
G250/G350 R3.0 VPN capabilities
R3.0 VPN supports the following, in addition to the R2.2 capabilities:
●
Dynamic local peer IP address support through IKE aggressive mode and self-identity
FQDN
Note:
Note:
The G250/G350 can acquire a dynamic IP address through PPPoE or DHCP.
●
Enhanced remote peer failover support:
- Specifying a hostname rather than an IP address for the remote peer, thus allowing for
a DNS server to perform a resiliency scheme when providing the IP address mapping
- Specifying a group of redundant remote peers rather than a single peer
- Support for a standard based method called “Dead Peer Detection” (DPD), which
enables fast and efficient detection of connection failure at the IKE level
- Detection of a dead remote peer through object tracking. For information about object
tracking, see
Object tracking
on page 319.
●
NAT Traversal
The G250/G350 supports both IETF NAT-T methods and the standard method, as well as
Avaya’s proprietary method
●
Stronger encryption algorithms (AES with 192 bit key and AES with 256 bit key)
●
Support of stronger Diffie-Hellman groups in IKE phase 1, groups 5 and 14
●
Support of additional Perfect Forward Secrecy (PFS), groups 5 and 14
●
Transport mode ESP encapsulation, intended for GRE over VPN
●
IP Payload compression (IPPCP) with LZS support
●
Continuous IKE SA and continuous IPSec SA
In this mode, SAs are negotiated as soon as possible, even if no traffic is traversing the
connection.
●
Configuration MIB, Monitoring MIB, and Traps, as described in
avaya-ipsec-mib.my
(OID 1.3.6.1.4.1.6889.2.6.1.1)
Summary of Contents for Media Gateway G250
Page 1: ...Administration for the Avaya G250 and Avaya G350 Media Gateways 03 300436 Issue 5 June 2008 ...
Page 24: ...Contents 24 Administration for the Avaya G250 and Avaya G350 Media Gateways ...
Page 32: ...Introduction 32 Administration for the Avaya G250 and Avaya G350 Media Gateways ...
Page 38: ...Configuration overview 38 Administration for the Avaya G250 and Avaya G350 Media Gateways ...
Page 244: ...Configuring logging 244 Administration for the Avaya G250 and Avaya G350 Media Gateways ...
Page 258: ...Configuring VoIP QoS 258 Administration for the Avaya G250 and Avaya G350 Media Gateways ...
Page 370: ...Configuring SNMP 370 Administration for the Avaya G250 and Avaya G350 Media Gateways ...
Page 548: ...Configuring the router 548 Administration for the Avaya G250 and Avaya G350 Media Gateways ...
Page 664: ...Configuring policy 664 Administration for the Avaya G250 and Avaya G350 Media Gateways ...
Page 686: ...Setting synchronization 686 Administration for the Avaya G250 and Avaya G350 Media Gateways ...