Administration of the Avaya G350 Media Gateway - Avaya Support
Administration of the Avaya G350 Media Gateway - Avaya Support Administration of the Avaya G350 Media Gateway - Avaya Support
Configuring IPSec VPN3. Exit crypto map context using the exit CLI command.G350-001(config-crypto:1)# exitG350-001#Configuring crypto-listsA crypto-list is an ordered list of ip-rules that control which traffic requires IPSec protection andwhich does not, based on IP groups (source and destination IP addresses/mask). A crypto-listis activated on an interface. The G350 can have multiple crypto-lists activated on differentinterfaces.To configure a crypto-list:1. Enter the crypto-list context and create a crypto-list by using the crypto-list CLIcommand.Important:! Important:It is mandatory to create at least one crypto-list.G350-001# ip crypto-list 901G350-001(Crypto 901)#2. Configure the following parameters:●local address: the local IP address for the IPSec tunnels derived from this crypto list.Important:●●●! Important:local address is a mandatory parameter.name: the name of the crypto listowner: the owner of the crypto listcookie: the list cookie for this crypto list. This parameter is used by QoS Manager.G350-001(Crypto 901)# local address 192.168.49.1Done!G350-001(Crypto 901)# name “Public Network via ADSL”Done!G350-001(Crypto 901)# owner louDone!G350-001(Crypto 901)# cookie 1Done!214 Administration of the Avaya G350 Media Gateway
Configuring a site-to-site IPSec VPN3. Enter the ip-rule context and define an ip-rule using the ip-rule CLI command.Important:! Important:It is mandatory to create at least one ip-rule.G350-001(Crypto 901Crypto 901)# ip-rule 10G350-001(Crypto 901/ip rule 10)#4. Configure the following ip-rule parameters:●●●source ip: the requested source IP address to matchdestination ip: the requested destination IP address to matchDefine the action: specify whether to protect traffic that matches the source anddestination addresses:●●no protect: do not protect traffic that matches the source and destinationaddressesprotect crypto map : protect traffic that matches the sourceand destination addresses. The specified crypto map specifies how to secure thetraffic.G350-001(Crypto 901/ip rule 10)# source-ip 10.1.0.0 0.0.255.255Done!G350-001(Crypto 901/ip rule 10)# destination-ip anyDone!G350-001(Crypto 901/ip rule 10)# protect crypto map 1Done!5. Exit ip-rule context using the exit CLI command.G350-001(Crypto 901/ip rule 10)# exitG350-001(Crypto 901)#6. Repeat steps 3, 4 and 5 for every ip-rule you wish to define in the crypto-list.7. Create a last ip-rule using the ip-rule default command. This rule specifies whichaction to take if a packet matches non of the previous rules. Within this ip-rule context,define only whether to protect or no protect traffic.G350-001(Crypto 901Crypto 901)# ip-rule defaultG350-001(Crypto 901/ip rule default)# protect crypto map 1Done!8. Exit ip-rule context using the exit CLI command.G350-001(Crypto 901/ip rule default)# exitG350-001(Crypto 901)#Issue 3 January 2005 215
- Page 164 and 165: Configuring the routerStatic routes
- Page 166 and 167: Configuring the routerRouting table
- Page 168 and 169: Configuring the routerRouting packe
- Page 170 and 171: Configuring the routerThe following
- Page 172 and 173: Configuring the routerDynamic MTU d
- Page 174 and 175: Configuring the routerAdditional GR
- Page 176 and 177: Configuring the routerYou can use t
- Page 178 and 179: Configuring the routerDHCP/BOOTP re
- Page 180 and 181: Configuring the routerApplication
- Page 182 and 183: Configuring the routerNote:Note:If
- Page 184 and 185: Configuring the routerG350-001(supe
- Page 186 and 187: Configuring the routerDirected broa
- Page 188 and 189: Configuring the routerDynamic ARP t
- Page 190 and 191: Configuring the routerConfiguring I
- Page 192 and 193: Configuring the routerPoison-revers
- Page 194 and 195: Configuring the router●●●●U
- Page 196 and 197: Configuring the routerOSPF commands
- Page 198 and 199: Configuring the routerand what metr
- Page 200 and 201: Configuring the router●●●●
- Page 202 and 203: Configuring the routerReassembly pa
- Page 204 and 205: Configuring IPSec VPNConfiguring a
- Page 206 and 207: Configuring IPSec VPNConfiguring IP
- Page 208 and 209: Configuring IPSec VPNPrerequisite -
- Page 210 and 211: Configuring IPSec VPN●hash: the h
- Page 212 and 213: Configuring IPSec VPNTo configure p
- Page 216 and 217: Configuring IPSec VPN9. Exit crypto
- Page 218 and 219: Configuring IPSec VPNIPSec VPN main
- Page 220 and 221: Configuring IPSec VPN2. Use the set
- Page 222 and 223: Configuring IPSec VPNConfiguring th
- Page 224 and 225: Configuring IPSec VPNip-rule 30sour
- Page 226 and 227: Configuring IPSec VPNFull or partia
- Page 228 and 229: Configuring IPSec VPN2. Configure b
- Page 230 and 231: Configuring IPSec VPNip-rule 4sourc
- Page 232 and 233: Configuring IPSec VPNip-rule 10sour
- Page 234 and 235: Configuring IPSec VPN2. Configure B
- Page 236 and 237: Configuring IPSec VPNip-rule 20sour
- Page 238 and 239: Configuring IPSec VPNInterface vlan
- Page 240 and 241: Configuring IPSec VPN3. Allowed ICM
- Page 242 and 243: Configuring IPSec VPNip access-cont
- Page 244 and 245: Configuring IPSec VPNip-rule 70sour
- Page 246 and 247: Configuring IPSec VPNFigure 21: Ful
- Page 248 and 249: Configuring IPSec VPNConfiguration
- Page 250 and 251: Configuring IPSec VPNip-rule 30sour
- Page 252 and 253: Configuring IPSec VPN252 Administra
- Page 254 and 255: Configuring policyAccess control li
- Page 256 and 257: Configuring policyDefining policy l
- Page 258 and 259: Configuring policyAttaching policy
- Page 260 and 261: Configuring policyDevice-wide polic
- Page 262 and 263: Configuring policyEditing and creat
Configuring a site-to-site IPSec VPN3. Enter <strong>the</strong> ip-rule context and define an ip-rule using <strong>the</strong> ip-rule CLI command.Important:! Important:It is mandatory to create at least one ip-rule.<strong>G350</strong>-001(Crypto 901Crypto 901)# ip-rule 10<strong>G350</strong>-001(Crypto 901/ip rule 10)#4. Configure <strong>the</strong> following ip-rule parameters:●●●source ip: <strong>the</strong> requested source IP address to matchdestination ip: <strong>the</strong> requested destination IP address to matchDefine <strong>the</strong> action: specify whe<strong>the</strong>r to protect traffic that matches <strong>the</strong> source anddestination addresses:●●no protect: do not protect traffic that matches <strong>the</strong> source and destinationaddressesprotect crypto map : protect traffic that matches <strong>the</strong> sourceand destination addresses. The specified crypto map specifies how to secure <strong>the</strong>traffic.<strong>G350</strong>-001(Crypto 901/ip rule 10)# source-ip 10.1.0.0 0.0.255.255Done!<strong>G350</strong>-001(Crypto 901/ip rule 10)# destination-ip anyDone!<strong>G350</strong>-001(Crypto 901/ip rule 10)# protect crypto map 1Done!5. Exit ip-rule context using <strong>the</strong> exit CLI command.<strong>G350</strong>-001(Crypto 901/ip rule 10)# exit<strong>G350</strong>-001(Crypto 901)#6. Repeat steps 3, 4 and 5 for every ip-rule you wish to define in <strong>the</strong> crypto-list.7. Create a last ip-rule using <strong>the</strong> ip-rule default command. This rule specifies whichaction to take if a packet matches non <strong>of</strong> <strong>the</strong> previous rules. Within this ip-rule context,define only whe<strong>the</strong>r to protect or no protect traffic.<strong>G350</strong>-001(Crypto 901Crypto 901)# ip-rule default<strong>G350</strong>-001(Crypto 901/ip rule default)# protect crypto map 1Done!8. Exit ip-rule context using <strong>the</strong> exit CLI command.<strong>G350</strong>-001(Crypto 901/ip rule default)# exit<strong>G350</strong>-001(Crypto 901)#Issue 3 January 2005 215