Configuring IPSec VPN
560 Administration for the Avaya G250 and Avaya G350 Media Gateways
● The IP compression algorithm used by the transform-set. The only possible value is comp-lzs.
For example:
G350-001# crypto ipsec transform-set ts1 esp-3des esp-md5-hmac comp-lzs
G350-001(config-transform:ts1)#
2. You can use the following commands to set the parameters of the transform-set:
● Use the set pfs command to specify whether each IKE phase 2 negotiation employs Perfect Forward Secrecy (PFS), and if yes, which Diffie-Hellman group to employ. PFS ensures that even if someone were to discover the long-term secret(s), the attacker would not be able to recover the session keys, both past and present. In addition, the discovery of a session key compromises neither the long-term secrets nor the other session keys. The default setting is no set pfs.
● Use the set security-association lifetime seconds command to set the security association lifetime in seconds.
● Use the set security-association lifetime kilobytes command to set the security association lifetime in kilobytes.
● Use the mode command to set the IPSec mode (tunnel or transport). Transport mode does not add an additional IP header (i.e., a tunnel header), but rather uses the original packet's header. However, it can be used only when the VPN tunnel endpoints are equivalent to the original packet's source and destination IP addresses. This is generally the case when using GRE over IPSec. Note that transport mode cannot be used unless the remote VPN peer supports that mode and was configured to use it.
3. Exit the crypto transform-set context with the exit command.
G350-001(config-transform:ts1)# set pfs group2
Done!
G350-001(config-transform:ts1)# set security-association lifetime seconds 7200
Done!
G350-001(config-transform:ts1)# set security-association lifetime kilobytes 268435456
G350-001(config-transform:ts1)# mode tunnel
Done!
G350-001(config-transform:ts1)# exit
G350-001#
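The following audit sketch is an added example, not part of the Avaya manual or its tooling. It parses the commands from the session above and reports the settings in it that are weak by current standards, including how many 3DES blocks the kilobyte lifetime allows under one key. The function names and the 1024-bytes-per-kilobyte conversion are assumptions.

```python
import re

# Commands copied from the page's example session (output lines omitted).
SESSION = """\
G350-001# crypto ipsec transform-set ts1 esp-3des esp-md5-hmac comp-lzs
G350-001(config-transform:ts1)# set pfs group2
G350-001(config-transform:ts1)# set security-association lifetime seconds 7200
G350-001(config-transform:ts1)# set security-association lifetime kilobytes 268435456
G350-001(config-transform:ts1)# mode tunnel
G350-001(config-transform:ts1)# exit
"""
PROMPT = re.compile(r"^\S+#\s*")   # "G350-001#" or "G350-001(config-transform:ts1)#"
BIRTHDAY_BLOCKS = 2 ** 32          # collision bound for a 64-bit block cipher

def parse_transform_set(session):
    """Collect transform-set settings; PFS stays None, the page's default (no set pfs)."""
    ts = {"name": None, "transforms": [], "pfs": None,
          "seconds": None, "kilobytes": None, "mode": None}
    for line in session.splitlines():
        w = PROMPT.sub("", line.strip()).split()
        if w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            ts["name"], ts["transforms"] = w[3], w[4:]
        elif w[:2] == ["set", "pfs"] and len(w) == 3:
            ts["pfs"] = w[2]
        elif w == ["no", "set", "pfs"]:
            ts["pfs"] = None
        elif (w[:3] == ["set", "security-association", "lifetime"]
              and len(w) == 5 and w[3] in ("seconds", "kilobytes") and w[4].isdigit()):
            ts[w[3]] = int(w[4])
        elif w[:1] == ["mode"] and len(w) == 2:
            ts["mode"] = w[1]
    return ts

def audit(ts):
    """Return findings for the weak settings that appear in the page's example."""
    findings = []
    if "esp-3des" in ts["transforms"]:
        findings.append("esp-3des: 64-bit block cipher (RFC 8221: SHOULD NOT)")
        # Assumption: one kilobyte = 1024 bytes; a 3DES block is 8 bytes.
        blocks = (ts["kilobytes"] or 0) * 1024 // 8
        if blocks > BIRTHDAY_BLOCKS:
            findings.append("lifetime kilobytes: %d blocks under one key, above 2^32" % blocks)
    if "esp-md5-hmac" in ts["transforms"]:
        findings.append("esp-md5-hmac: HMAC-MD5 integrity (RFC 8221: MUST NOT)")
    if ts["pfs"] is None:
        findings.append("no set pfs: phase 2 keys are not protected by a fresh DH exchange")
    elif ts["pfs"] == "group2":
        findings.append("set pfs group2: 1024-bit MODP Diffie-Hellman group")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_transform_set(SESSION)):
        print(finding)
```

The same parser accepts a session in which set pfs was never issued; the audit then reports the default no set pfs instead of the group finding.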
Summary of Contents for Media Gateway G250
Page 1: ...Administration for the Avaya G250 and Avaya G350 Media Gateways 03 300436 Issue 5 June 2008 ...