Administration of the Avaya G350 Media Gateway - Avaya Support

13.07.2015 Views
Configuring IPSec VPNIPSec VPN maintenanceYou can display IPSec VPN configuration and status, and clear IPSec VPN data, using certainshow and clear CLI commands. In addition, you can display the IPSec VPN log to verify thesuccess or failure of IPSec VPN operations, and to view the actual configuration of both peersfor a successful debug in case of a problem.The following sections describe these options.Displaying IPSec VPN configurationYou can use the following show CLI commands to display IPSec VPN configuration. For a fulldescription of the commands and their output fields see Avaya G350 Media Gateway CLIReference, 555-245-202.●●●●●●●Use the show crypto ipsec transform-set command to display configuration for aspecified transform-set or all transform-sets.Use the show crypto isakmp policy command to display ISAKMP policyconfiguration.Use the show crypto isakmp peer command to display crypto ISAKMP peerconfiguration.Use the show crypto map command to display all or specific crypto mapconfigurations.Use the show ip crypto-list list# command to display the configuration of aspecific crypto-list.Use the show ip crypto-list command to display all crypto-lists.Use the show ip active-lists command to display the crypto-lists active on eachinterface.Displaying IPSec VPN statusYou can use the following show CLI commands to display IPSec VPN status. For a fulldescription of the commands and their output fields see the CLI Reference Guide.●●●Use the show crypto isakmp sa command to display ISAKMP SA database status.Use the show crypto ipsec sa [detail] CLI command to display the IPsec SAdatabase status.Use the show crypto ipsec sa address CLI command to display the IPsec SAconfiguration by peer IP address.218 Administration of the Avaya G350 Media Gateway

IPSec VPN maintenanceTip:●●Use the show crypto ipsec sa list list-id [rule rule-id] [detail] CLIcommand to display the IPsec SA configuration by list ID and rule ID.Tip:The detail option in the various show crypto ipsec sa CLI commands,provides detailed counters information on each IPSec SA. To pinpoint the sourceof a problem, it is useful to check for a counter whose value grows with time.Use the clear crypto sa counters command to clear the crypto SA counters.IPSec VPN interventionYou can use the following clear CLI commands to intervene in IPSec VPN configuration:●●Use the clear crypto sa command to clear all IPSec SAs (security associationstructures).Use the clear crypto isakmp command to flush a specific entry in the ISAKMPdatabase or the entire ISAKMP database.Note:Note:If you wish to clear both an ISAKMP connection and the IPSec SAs, therecommended order of operations is:First clear the IPSec SAs using the clear crypto sa all command,then clear the ISAKMP SA using the clear crypto isakmp command.IPSec VPN loggingIPSec VPN logging allows you to view the start and finish of IKE phase 1 and IKE phase 2negotiations. Most importantly, it displays the configuration of both peers, so that you canpinpoint the problem in case of a mismatch between the IPSec VPN configuration of the peers.To view the IPSec VPN syslog:1. Use the set logging session enable command to enable syslog on the session.G350-001# set logging session enableDone!CLI-Notification: write: set logging session enableIssue 3 January 2005 219

Page 1 and 2: Administration of theAvaya G350 Med

Page 3 and 4: Electromagnetic Compatibility (EMC)

Page 5: ContentsAbout this Book . . . . . .

Page 8 and 9: ContentsConfiguring PPP . . . . . .

Page 10 and 11: ContentsPort classification . . . .

Page 12 and 13: ContentsConfiguring VRRP . . . . .

Page 14 and 15: ContentsChapter 19: Configuring pol

Page 16 and 17: Contents16 Administration of the Av

Page 18 and 19: About this Book4. Scroll down to fi

Page 20 and 21: About this BookSending us commentsA

Page 22 and 23: Introduction●●●●●●●

Page 24 and 25: Configuration overviewIf you intend

Page 26 and 27: Configuration overviewSaving config

Page 28 and 29: Accessing the Avaya G350 Media Gate











Page 50 and 51: Basic device configurationConfiguri

Page 52 and 53: Basic device configurationThe Media

Page 54 and 55: Basic device configurationSetting r

Page 56 and 57: Basic device configuration●●●

Page 58 and 59: Basic device configurationEach firm

Page 60 and 61: Basic device configurationThe follo

Page 62 and 63: Configuring Ethernet portsConfiguri

Page 64 and 65: Configuring Ethernet portsWAN Ether

Page 66 and 67: Configuring loggingSyslog serverA S

Page 68 and 69: Configuring loggingFilters and seve

Page 70 and 71: Configuring loggingTable 5: Logging

Page 72 and 73: Configuring VoIP QoSConfiguring RTP

Page 74 and 75: Configuring VoIP QoSConfiguring QoS

Page 76 and 77: Configuring VoIP QoSConfiguring Wei

Page 78 and 79: Configuring the G350 for modem useN

Page 80 and 81: Configuring the G350 for modem use8

Page 82 and 83: Configuring a WAN Interface●●

Page 84 and 85: Configuring a WAN InterfaceFigure 3

Page 86 and 87: Configuring a WAN Interface3. Use t

Page 88 and 89: Configuring a WAN InterfaceE1/T1 de

Page 90 and 91: Configuring a WAN InterfaceUSP defa


Page 94 and 95: Configuring a WAN Interfacetrying t

Page 96 and 97: Configuring a WAN Interface8. Use t

Page 98 and 99: Configuring a WAN InterfaceConfigur


Page 102 and 103: Configuring a WAN InterfaceNote:Not

Page 104 and 105: Configuring a WAN InterfaceIf one o

Page 106 and 107: Configuring a WAN InterfacePPP VoIP

Page 108 and 109: Configuring a WAN Interface● VLAN

Page 110 and 111: Configuring a WAN Interface110 Admi

Page 112 and 113: Configuring PoELoad detectionThe MM

Page 114 and 115: Configuring PoEPoE configuration CL

Page 116 and 117: Configuring PoE116 Administration o

Page 118 and 119: Configuring Emergency Transfer Rela

Page 120 and 121: Configuring SNMPThere are several w

Page 122 and 123: Configuring SNMPUsersSNMPv3 uses th

Page 124 and 125: Configuring SNMPGroup NameSecurityM

Page 126 and 127: Configuring SNMP- notification type

Page 128 and 129: Configuring SNMPConfiguring dynamic

Page 130 and 131: Configuring SNMPThe following examp

Page 132 and 133: Configuring advanced switchingVLAN

Page 134 and 135: Configuring advanced switchingMulti

Page 136 and 137: Configuring advanced switching●

Page 138 and 139: Configuring advanced switchingRelia

Page 140 and 141: Configuring advanced switchingSwitc

Page 142 and 143: Configuring advanced switchingPort

Page 144 and 145: Configuring advanced switchingThe S

Page 146 and 147: Configuring advanced switching●Po

Page 148 and 149: Configuring advanced switchingThe f

Page 150 and 151: Configuring advanced switchingPort

Page 152 and 153: Configuring contact closureContact

Page 154 and 155: Configuring contact closure154 Admi

Page 156 and 157: Configuring RMON monitoringRMON CLI

Page 158 and 159: Configuring RMON monitoring158 Admi

Page 160 and 161: Configuring the routerOverview of t

Page 162 and 163: Configuring the routerLayer 2 logic

Page 164 and 165: Configuring the routerStatic routes

Page 166 and 167: Configuring the routerRouting table

Page 168 and 169: Configuring the routerRouting packe

Page 170 and 171: Configuring the routerThe following

Page 172 and 173: Configuring the routerDynamic MTU d

Page 174 and 175: Configuring the routerAdditional GR

Page 176 and 177: Configuring the routerYou can use t

Page 178 and 179: Configuring the routerDHCP/BOOTP re

Page 180 and 181: Configuring the routerApplication

Page 182 and 183: Configuring the routerNote:Note:If

Page 184 and 185: Configuring the routerG350-001(supe

Page 186 and 187: Configuring the routerDirected broa

Page 188 and 189: Configuring the routerDynamic ARP t

Page 190 and 191: Configuring the routerConfiguring I

Page 192 and 193: Configuring the routerPoison-revers

Page 194 and 195: Configuring the router●●●●U

Page 196 and 197: Configuring the routerOSPF commands

Page 198 and 199: Configuring the routerand what metr

Page 200 and 201: Configuring the router●●●●

Page 202 and 203: Configuring the routerReassembly pa

Page 204 and 205: Configuring IPSec VPNConfiguring a

Page 206 and 207: Configuring IPSec VPNConfiguring IP

Page 208 and 209: Configuring IPSec VPNPrerequisite -

Page 210 and 211: Configuring IPSec VPN●hash: the h

Page 212 and 213: Configuring IPSec VPNTo configure p

Page 214 and 215: Configuring IPSec VPN3. Exit crypto

Page 216 and 217: Configuring IPSec VPN9. Exit crypto

Page 220 and 221: Configuring IPSec VPN2. Use the set

Page 222 and 223: Configuring IPSec VPNConfiguring th

Page 224 and 225: Configuring IPSec VPNip-rule 30sour

Page 226 and 227: Configuring IPSec VPNFull or partia

Page 228 and 229: Configuring IPSec VPN2. Configure b

Page 230 and 231: Configuring IPSec VPNip-rule 4sourc


Page 234 and 235: Configuring IPSec VPN2. Configure B


Page 238 and 239: Configuring IPSec VPNInterface vlan

Page 240 and 241: Configuring IPSec VPN3. Allowed ICM

Page 242 and 243: Configuring IPSec VPNip access-cont


Page 246 and 247: Configuring IPSec VPNFigure 21: Ful

Page 248 and 249: Configuring IPSec VPNConfiguration


Page 252 and 253: Configuring IPSec VPN252 Administra

Page 254 and 255: Configuring policyAccess control li

Page 256 and 257: Configuring policyDefining policy l

Page 258 and 259: Configuring policyAttaching policy

Page 260 and 261: Configuring policyDevice-wide polic

Page 262 and 263: Configuring policyEditing and creat

Page 264 and 265: Configuring policySource and destin

Page 266 and 267: Configuring policyComposite operati

Page 268 and 269: Configuring policy●●●CoS —

Page 270 and 271: Configuring policyThe following com

Page 272 and 273: Configuring policySimulating packet

Page 274 and 275: Configuring policy-based routingPol

Page 276 and 277: Configuring policy-based routingCon

Page 278 and 279: Configuring policy-based routing●

Page 280 and 281: Configuring policy-based routingMod

Page 282 and 283: Configuring policy-based routingEdi

Page 284 and 285: Configuring policy-based routingIn

Page 286 and 287: Configuring policy-based routingThe

Page 288 and 289: Setting synchronizationIf, for any

Page 290 and 291: FIPSFigure 26: Image of the cryptog

Page 292 and 293: FIPSSupported algorithmsThe cryptog

Page 294 and 295: FIPSSecurity levelThe cryptographic

Page 296 and 297: FIPSTable 14: Roles and required id

Page 298 and 299: FIPSTable 15: Critical security par

Page 300 and 301: FIPSCSP access rights within roles

Page 302 and 303: FIPSTable 18 shows Role and Service

Page 304 and 305: FIPSTable 18: Role and service acce

Page 306 and 307: FIPSPassword guidelinesBelow are ge

Page 308 and 309: FIPS2. Define the PMI (Primary Mana

Page 310 and 311: FIPS10. Physically disconnect all n

Page 312 and 313: FIPS18. To configure all interfaces

Page 314 and 315: FIPS●Use the snmp-server user use

Page 316 and 317: FIPS●●TFTPSNMPExample:G350-001(

Page 318 and 319: FIPSG350-N(super)# ip crypto-list 9

Page 320 and 321: FIPSError statesTable 19 describes

Page 322 and 323: FIPSConsiderationsThe following rul

Page 324 and 325: Traps and MIBsNameParameters(MIB va




Page 332 and 333: Traps and MIBsMIB FileIP-FORWARD-MI

Page 334 and 335: Traps and MIBsObjectOIDgenOpResetSu

Page 336 and 337: Traps and MIBsThe following table p

Page 338 and 339: Traps and MIBsObject OIDipCidrRoute

Page 340 and 341: Traps and MIBsObject OIDgenMemUtili

Page 342 and 343: Traps and MIBsObject OIDdsx1Circuit


Page 346 and 347: Traps and MIBsObject OIDipOutDiscar

Page 348 and 349: Traps and MIBsObject OIDsnmpOutBadV


Page 352 and 353: Traps and MIBsObject OIDdistributio

Page 354 and 355: Traps and MIBsObject OIDrs232SyncPo

Page 356 and 357: Traps and MIBsObject OIDifInUnknown

Page 358 and 359: Traps and MIBsObject OIDdsx1Fdl 1.3


Page 362 and 363: Traps and MIBsObject OIDipPolicyCon

Page 364 and 365: Traps and MIBsObject OIDipPolicyCom


Page 368 and 369: Traps and MIBsObject OIDchGroupList

Page 370 and 371: Traps and MIBsObject OIDgenGroupLog

Page 372 and 373: Traps and MIBsObject OIDcmgModuleSe

Page 374 and 375: Traps and MIBsObject OIDcmgVoipLoca

Page 376 and 377: Traps and MIBsObject OIDfrCircuitDl

Page 378 and 379: Traps and MIBsObject OIDipAdEntIfIn

Page 380 and 381: Traps and MIBsObject OIDpppLinkStat

Page 382 and 383: Traps and MIBsObject OIDifTableXtnd


Page 386 and 387: Traps and MIBsObject OIDospfIfAuthT

Page 388 and 389: Traps and MIBs388 Administration of

Page 390 and 391: Configuring the G350 using the Avay



















Page 428 and 429: Configuring the G350 using the GIW2






Page 440 and 441: IndexCommands, (continued)autoneg .

Page 442 and 443: IndexCommands, (continued)show-rule

Page 444 and 445: IndexHHello packets . . . . . . . .

Page 446 and 447: IndexPolicy-based routingapplicatio

Page 448 and 449: Indexset vlan . . . . . . . . . . .

Page 450: Index450 Administration of the Avay

avaya

interface

gateway

configure

configuring

configuration

administration

january

vlan

commands

Administration of the Avaya G350 Media Gateway - Avaya Support

Administration of the Avaya G350 Media Gateway - Avaya Support ... View more Administration of the Avaya G350 Media Gateway - Avaya Support

Delete template?

Save as template ?

Administration of the Avaya G350 Media Gateway - Avaya Support Administration of the Avaya G350 Media Gateway - Avaya Support