6. Specify whether to enable continuous-channel IPSec (IKE phase 2) with the
continuous-channel command.
The default setting is no continuous-channel that disables continuous-channel
IPSec. For more information on continuous-channel see Continuous channel on
page 512.
For example:
Gxxx-001(config-crypto:1)# continuous-channel
Done!
7. Exit crypto map context with the exit command.
For example:
Gxxx-001(config-crypto:1)# exit
Gxxx-001#
Configuring crypto lists
About this task
A crypto list is an ordered list of ip-rules that control which traffic requires IPSec protection and
which does not, based on IP groups (source and destination IP addresses and wildcard). A
crypto list is activated on an interface. The Branch Gateway can have multiple crypto lists
activated on different interfaces.
Important:
It is mandatory to create at least one crypto list.
Note:
You can configure up to 100 crypto lists.
Procedure
1. Use the ip crypto-list command, followed by an index number from 901 to
999, to enter the context of a crypto list (and to create the list if it does not exist).
For example:
Gxxx-001# ip crypto-list 901
Gxxx-001(Crypto 901)#
2. Specify the local IP address for the IPSec tunnels derived from this crypto list, using
the local-address command.
The local address can be either the IP address or the name of an IP interface of the
device.
Important:
local-address is a mandatory command.
IPSec VPN
Administering Avaya G430 Branch Gateway October 2013 495
To Next Page
Loading...
