Typical installations
Issue 5 June 2008
3. Configure the VPN Hub (Main Office) as follows:
   ● Static routing: Branch subnets -> Internet interface
   ● The VPN policy portion for the branch is configured as a mirror image of the branch, as follows:
      ● Traffic from any IP address to branch local subnets -> encrypt, using tunnel mode IPSec
      ● The remote peer is the VPN Spoke (Branch Internet address)
Table 141: Configuring the mesh VPN topology – Branch Office 2 (continued, 2 of 2)

| Traffic direction | ACL parameter | ACL value | Description |
|---|---|---|---|
| Ingress | IKE from First Branch IP to Branch IP | Permit | - |
| Ingress | ESP from First Branch IP to Branch IP | Permit | - |
| Ingress | ICMP from any IP address to local tunnel endpoint | Permit | This enables the PMTUD application to work |
| Ingress | All allowed services from any IP address to any local subnet | Permit | Due to the definition of the VPN Policy, this will be allowed only if traffic comes over ESP |
| Ingress | Default | Deny | - |
| Egress | IKE from Branch IP to Main Office IP | Permit | - |
| Egress | ESP from Branch IP to Main Office IP | Permit | - |
| Egress | IKE from Branch IP to First Branch IP | Permit | This enables the PMTUD application to work |
| Egress | ESP from Branch IP to First Branch IP | Permit | This traffic is tunnelled using VPN |
| Egress | ICMP from local tunnel endpoint to any IP address | Permit | This enables the PMTUD application to work |
| Egress | All allowed services from any local subnet to any IP address | Permit | This traffic is tunnelled using VPN |
| Egress | Default | Deny | - |
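The following Python sketch is an added example, not part of the Avaya manual. It models only the ingress rows of Table 141 that appear on this page, so that the effect of the "only if traffic comes over ESP" condition and of the default deny can be checked against sample packets. The addresses, the first-match evaluation order and the way the VPN policy check is modelled are assumptions.

```python
import ipaddress

# Constructed addresses (documentation and private ranges); the page gives none.
FIRST_BRANCH_IP = "192.0.2.1"
BRANCH_IP = "198.51.100.2"     # Branch Office 2 public IP, also its tunnel endpoint
LOCAL_SUBNET = "10.2.0.0/16"   # Branch Office 2 local subnets
ANY = "0.0.0.0/0"

# Ingress rows shown on this page of Table 141, in table order.
INGRESS_ACL = [
    ("ike",  FIRST_BRANCH_IP, BRANCH_IP,    "permit"),
    ("esp",  FIRST_BRANCH_IP, BRANCH_IP,    "permit"),
    ("icmp", ANY,             BRANCH_IP,    "permit"),  # PMTUD
    ("any",  ANY,             LOCAL_SUBNET, "permit"),  # reachable only over ESP
]
DEFAULT_ACTION = "deny"


def _within(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def ingress_verdict(proto, src, dst, via_esp=False):
    """Return (action, reason) for a packet as seen after any ESP decapsulation."""
    # Assumed model of the VPN policy: traffic for the protected subnets
    # is accepted only if it arrived inside the tunnel.
    if _within(dst, LOCAL_SUBNET) and not via_esp:
        return "deny", "cleartext to protected subnet"
    # Assumed first-match evaluation in table order.
    for index, (r_proto, r_src, r_dst, action) in enumerate(INGRESS_ACL, 1):
        if r_proto in ("any", proto) and _within(src, r_src) and _within(dst, r_dst):
            return action, f"rule {index}"
    return DEFAULT_ACTION, "default"


def rules_open_to_any_source():
    """Rules an arbitrary Internet host can match without going through the tunnel."""
    return [r for r in INGRESS_ACL if r[1] == ANY and r[2] != LOCAL_SUBNET]


if __name__ == "__main__":
    samples = [  # constructed packets
        ("ike", FIRST_BRANCH_IP, BRANCH_IP, False),
        ("esp", "203.0.113.9", BRANCH_IP, False),
        ("tcp", "10.1.0.5", "10.2.0.7", False),
        ("tcp", "10.1.0.5", "10.2.0.7", True),
    ]
    for pkt in samples:
        print(pkt, "->", ingress_verdict(*pkt))
```

In this model the ICMP rule for PMTUD is the only ingress rule an arbitrary source can match outside the tunnel, which makes it the row to review first when tightening the list.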