Configuring an ISAKMP peer-group on page 492
Configuring crypto maps on page 493
Configuring crypto lists on page 495
Access control lists on page 498
Configuring global parameters on page 499
Assigning a crypto list to an interface on page 500
VPN peer coordination
Before commencing IPSec VPN configuration, you must resolve jointly with your VPN peer the
basic parameters so that IPSec VPN can be set up symmetrically in the two peers. If the IPSec
VPN configuration in the two peers does not match, no VPN is created.
Note:
If you will be defining a peer-group which maintains a list of redundant peers, each of the
peers in the group must be configured to match the Branch Gateway.
The basic parameters include:
• The IKE phase 1 parameters (as defined in the ISAKMP policy, see Configuring ISAKMP
policies on page 486)
• The IKE phase 2 parameters (as defined in the transform-set, see Configuring transform-
sets on page 488)
• The ISAKMP peer parameters (see Configuring ISAKMP peer information on page 489)
• Which packets should be secured (as defined in the crypto list, see
Configuring crypto
lists on page 495)
• The peer addresses. For each peer, the local address entered in the crypto list (see
Configuring crypto lists on page 495) should match the ISAKMP peer address in the other
peer (see Configuring ISAKMP peer information on page 489).
• NAT Traversal, if your installation includes one or more NAT devices between the local
and remote VPN peers. See
Configuring global parameters on page 499.
See Configuring IPSec VPN logging on page 503 for information on how to view IPSec VPN
configuration in both peers so as to pinpoint the problem in case of a mismatch between the
two peers.
Configuring ISAKMP policies
About this task
An ISAKMP policy defines the IKE phase 1 parameters.
Note:
You can configure up to 40 ISAKMP policies.
IPSec VPN
486 Administering Avaya G430 Branch Gateway October 2013
Comments? infodev@avaya.com
To Next Page
Loading...
