how to secure the traffic. For instructions on configuring crypto maps, see
Configuring crypto maps on page 493.
For example:
Gxxx-001(Crypto 901/ip rule 10)# description “vpn tunnel to uk
main office”
Done!
Gxxx-001(Crypto 901/ip rule 10)# source-ip 10.1.0.0 0.0.255.255
Done!
Gxxx-001(Crypto 901/ip rule 10)# destination-ip any
Done!
Gxxx-001(Crypto 901/ip rule 10)# protect crypto map 1
Done!
• For rules whose action is no protect, you can fine-tune the definition of
packets that match this rule by using the following commands. For a full
description of the commands see Avaya CLI Reference. Note that this fine-
tuning is not applicable for rules whose action is protect crypto map.
- ip-protocol. Specify the IP protocol to match.
- tcp. Specify the TCP settings to match.
- udp. Specify the UDP settings to match.
- icmp. Specify the ICMP protocol settings to match.
- dscp. Specify the DSCP to match.
- fragment. Specify whether this rule applies to non-initial fragments
only.
6. Exit ip-rule context with the exit command.
For example:
Gxxx-001(Crypto 901/ip rule 10)# exit
Gxxx-001(Crypto 901)#
7. Repeat Steps 4 to 6 for every ip-rule you wish to define in the crypto list.
8. Exit crypto list context with the exit command.
For example:
Gxxx-001(Crypto 901)# exit
Gxxx-001#
Related topics:
Deactivating crypto lists to modify IPSec VPN parameters on page 497
Changing parameters of a crypto list. on page 498
Deactivating crypto lists to modify IPSec VPN parameters
About this task
Most IPSec VPN parameters cannot be modified if they are linked to an active crypto list.
IPSec VPN
Administering Avaya G430 Branch Gateway October 2013 497
To Next Page
Loading...
