Administration of the Avaya G350 Media Gateway - Avaya Support
Administration of the Avaya G350 Media Gateway - Avaya Support Administration of the Avaya G350 Media Gateway - Avaya Support
Configuring IPSec VPNTo configure peer information:1. Enter the ISAKMP peer context and define an ISAKMP peer by its address, using thecrypto isakmp peer CLI command.G350-001# crypto isakmp peer address 149.49.70.1G350-001(config-peer:149.49.70.1)#2. Enter a description for the peer.G350-001(config-peer:149.49.70.1)# description "New York office"Done!3. Specify an ISAKMP policy to be used with the peer, using the isakmp policy CLIcommand.Important:! Important:isakmp policy is a mandatory parameter.G350-001(config-peer:149.49.70.1)# isakmp-policy 1Done!4. Enter the preshared key for peer authentication using the pre-shared-key CLIcommand.Important:! Important:pre-shared-key is a mandatory parameter.G350-001(config-peer:149.49.70.1)# pre-shared-key GNpi1odGNBrB5z4GJLDone!OrObtain a suggested key from the gateway using the crypto isakmp suggest-key CLIcommand and then enter it using the pre-shared-key CLI command. Note that you mustexit the ISAKMP peer context before using the crypto isakmp suggest-keycommand, and re-enter ISAKMP peer context to use the pre-shared-key command.The suggested key-length can vary from 8-127 characters, and the default is 32 characters.G350-001(config-peer:149.49.70.1)# exitG350-001# crypto isakmp suggest-key 24The suggest key: yjsYIz9ikcwaq0FUPTF3CIrwG350-001# crypto isakmp peer address 149.49.70.1G350-001(config-peer:149.49.70.1) pre-shared-key yjsYIz9ikcwaq0FUPTF3CIrwDone!212 Administration of the Avaya G350 Media Gateway
Configuring a site-to-site IPSec VPN5. Exit the peer context using the exit CLI command.G350-001(config-peer:149.49.70.1)# exitG350-001#Configuring crypto mapsA crypto map points to a transform-set and to a peer (which in turn points to an ISAKMP policy).These components define how to secure the traffic that matches the ip-rule that points to thiscrypto map.Important:! Important:It is mandatory to create at least one crypto map.Note:Note: You can configure up to 50 crypto maps.To configure a crypto map:1. Enter crypto map context and create a crypto map by using the crypto map CLIcommand.G350-001# crypto map 1G350-001(config-crypto:1)#2. Configure the following crypto map parameters:●●●●description: the description of the crypto mapset peer: the remote peerset transform set: the specific transform-set to which this crypto map pointsset dscp: the static DSCP value in the DS field of the tunneled packet. The defaultsetting is no set dscp, which specifies that the DSCP is copied from the DS field of theoriginal packet.Important:! Important:set peer and set transform set are mandatory parameters.G350-001(config-crypto:1)# description "vpn lincroft branch"Done!G350-001(config-crypto:1)# set peer 149.49.60.60Done!G350-001(config-crypto:1)# set transform-set ts1Done!G350-001(config-crypto:1)# set dscp 38Done!Issue 3 January 2005 213
- Page 162 and 163: Configuring the routerLayer 2 logic
- Page 164 and 165: Configuring the routerStatic routes
- Page 166 and 167: Configuring the routerRouting table
- Page 168 and 169: Configuring the routerRouting packe
- Page 170 and 171: Configuring the routerThe following
- Page 172 and 173: Configuring the routerDynamic MTU d
- Page 174 and 175: Configuring the routerAdditional GR
- Page 176 and 177: Configuring the routerYou can use t
- Page 178 and 179: Configuring the routerDHCP/BOOTP re
- Page 180 and 181: Configuring the routerApplication
- Page 182 and 183: Configuring the routerNote:Note:If
- Page 184 and 185: Configuring the routerG350-001(supe
- Page 186 and 187: Configuring the routerDirected broa
- Page 188 and 189: Configuring the routerDynamic ARP t
- Page 190 and 191: Configuring the routerConfiguring I
- Page 192 and 193: Configuring the routerPoison-revers
- Page 194 and 195: Configuring the router●●●●U
- Page 196 and 197: Configuring the routerOSPF commands
- Page 198 and 199: Configuring the routerand what metr
- Page 200 and 201: Configuring the router●●●●
- Page 202 and 203: Configuring the routerReassembly pa
- Page 204 and 205: Configuring IPSec VPNConfiguring a
- Page 206 and 207: Configuring IPSec VPNConfiguring IP
- Page 208 and 209: Configuring IPSec VPNPrerequisite -
- Page 210 and 211: Configuring IPSec VPN●hash: the h
- Page 214 and 215: Configuring IPSec VPN3. Exit crypto
- Page 216 and 217: Configuring IPSec VPN9. Exit crypto
- Page 218 and 219: Configuring IPSec VPNIPSec VPN main
- Page 220 and 221: Configuring IPSec VPN2. Use the set
- Page 222 and 223: Configuring IPSec VPNConfiguring th
- Page 224 and 225: Configuring IPSec VPNip-rule 30sour
- Page 226 and 227: Configuring IPSec VPNFull or partia
- Page 228 and 229: Configuring IPSec VPN2. Configure b
- Page 230 and 231: Configuring IPSec VPNip-rule 4sourc
- Page 232 and 233: Configuring IPSec VPNip-rule 10sour
- Page 234 and 235: Configuring IPSec VPN2. Configure B
- Page 236 and 237: Configuring IPSec VPNip-rule 20sour
- Page 238 and 239: Configuring IPSec VPNInterface vlan
- Page 240 and 241: Configuring IPSec VPN3. Allowed ICM
- Page 242 and 243: Configuring IPSec VPNip access-cont
- Page 244 and 245: Configuring IPSec VPNip-rule 70sour
- Page 246 and 247: Configuring IPSec VPNFigure 21: Ful
- Page 248 and 249: Configuring IPSec VPNConfiguration
- Page 250 and 251: Configuring IPSec VPNip-rule 30sour
- Page 252 and 253: Configuring IPSec VPN252 Administra
- Page 254 and 255: Configuring policyAccess control li
- Page 256 and 257: Configuring policyDefining policy l
- Page 258 and 259: Configuring policyAttaching policy
- Page 260 and 261: Configuring policyDevice-wide polic
Configuring IPSec VPNTo configure peer information:1. Enter <strong>the</strong> ISAKMP peer context and define an ISAKMP peer by its address, using <strong>the</strong>crypto isakmp peer CLI command.<strong>G350</strong>-001# crypto isakmp peer address 149.49.70.1<strong>G350</strong>-001(config-peer:149.49.70.1)#2. Enter a description for <strong>the</strong> peer.<strong>G350</strong>-001(config-peer:149.49.70.1)# description "New York <strong>of</strong>fice"Done!3. Specify an ISAKMP policy to be used with <strong>the</strong> peer, using <strong>the</strong> isakmp policy CLIcommand.Important:! Important:isakmp policy is a mandatory parameter.<strong>G350</strong>-001(config-peer:149.49.70.1)# isakmp-policy 1Done!4. Enter <strong>the</strong> preshared key for peer au<strong>the</strong>ntication using <strong>the</strong> pre-shared-key CLIcommand.Important:! Important:pre-shared-key is a mandatory parameter.<strong>G350</strong>-001(config-peer:149.49.70.1)# pre-shared-key GNpi1odGNBrB5z4GJLDone!OrObtain a suggested key from <strong>the</strong> gateway using <strong>the</strong> crypto isakmp suggest-key CLIcommand and <strong>the</strong>n enter it using <strong>the</strong> pre-shared-key CLI command. Note that you mustexit <strong>the</strong> ISAKMP peer context before using <strong>the</strong> crypto isakmp suggest-keycommand, and re-enter ISAKMP peer context to use <strong>the</strong> pre-shared-key command.The suggested key-length can vary from 8-127 characters, and <strong>the</strong> default is 32 characters.<strong>G350</strong>-001(config-peer:149.49.70.1)# exit<strong>G350</strong>-001# crypto isakmp suggest-key 24The suggest key: yjsYIz9ikcwaq0FUPTF3CIrw<strong>G350</strong>-001# crypto isakmp peer address 149.49.70.1<strong>G350</strong>-001(config-peer:149.49.70.1) pre-shared-key yjsYIz9ikcwaq0FUPTF3CIrwDone!212 <strong>Administration</strong> <strong>of</strong> <strong>the</strong> <strong>Avaya</strong> <strong>G350</strong> <strong>Media</strong> <strong>Gateway</strong>