| Traffic direction | ACL parameter | ACL value | Description |
|---|---|---|---|
| Ingress | ESP from Second Branch IP to Branch IP | Permit | - |
| Ingress | ICMP from any IP address to local tunnel endpoint | Permit | This enables the PMTUD application to work |
| Ingress | All allowed services from any IP address to any local subnet | Permit | Due to the definition of the VPN Policy, this will be allowed only if traffic comes over ESP |
| Ingress | Default | Deny | - |
| Egress | IKE from Branch IP to Main Office IP | Permit | - |
| Egress | ESP from Branch IP to Main Office IP | Permit | - |
| Egress | IKE from Branch IP to Second Branch IP | Permit | This enables the PMTUD application to work |
| Egress | ESP from Branch IP to Second Branch IP | Permit | This traffic is tunnelled using VPN |
| Egress | ICMP from local tunnel endpoint to any IP address | Permit | This enables the PMTUD application to work |
| Egress | All allowed services from any local subnet to any IP address | Permit | This traffic is tunnelled using VPN |
| Egress | Default | Deny | - |
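The ingress and egress rules above modelled as a first-match ACL evaluator; this is an added example, not code from the Avaya manual or the G430 itself. The addresses, the set of "allowed services", and the `via_esp` flag (which stands in for the VPN Policy condition on the "all allowed services" ingress row) are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed, hypothetical addresses standing in for the names in the table.
BRANCH_IP = "198.51.100.10"         # this gateway's local tunnel endpoint
SECOND_BRANCH_IP = "198.51.100.20"
MAIN_OFFICE_IP = "203.0.113.5"
LOCAL_SUBNETS = [ip_network("10.1.0.0/24")]
ALLOWED_SERVICES = {"sip", "h323", "https"}   # assumed "allowed services"

@dataclass
class Packet:
    direction: str          # "ingress" or "egress"
    proto: str              # "ike", "esp", "icmp" or a service name
    src: str
    dst: str
    via_esp: bool = False   # ingress only: the gateway decrypted it from an ESP SA

def is_local(addr: str) -> bool:
    return any(ip_address(addr) in net for net in LOCAL_SUBNETS)

# First-match rule lists: (predicate, action, description). The "allowed services"
# ingress rule carries the VPN Policy condition from the table as an explicit
# via_esp check; on the real gateway the VPN Policy, not the ACL, enforces it.
INGRESS = [
    (lambda p: p.proto == "esp" and p.src == SECOND_BRANCH_IP and p.dst == BRANCH_IP,
     "permit", "ESP from Second Branch IP"),
    (lambda p: p.proto == "icmp" and p.dst == BRANCH_IP,
     "permit", "ICMP to local tunnel endpoint (PMTUD)"),
    (lambda p: p.proto in ALLOWED_SERVICES and is_local(p.dst) and p.via_esp,
     "permit", "allowed service to local subnet, arrived over ESP"),
]
EGRESS = [
    (lambda p: p.proto in {"ike", "esp"} and p.src == BRANCH_IP
               and p.dst in {MAIN_OFFICE_IP, SECOND_BRANCH_IP},
     "permit", "IKE/ESP from Branch IP to a peer gateway"),
    (lambda p: p.proto == "icmp" and p.src == BRANCH_IP,
     "permit", "ICMP from local tunnel endpoint (PMTUD)"),
    (lambda p: p.proto in ALLOWED_SERVICES and is_local(p.src),
     "permit", "allowed service from local subnet, tunnelled using VPN"),
]

def evaluate(p: Packet) -> tuple[str, str]:
    """Return (action, description) of the first matching rule, else Default Deny."""
    for pred, action, why in (INGRESS if p.direction == "ingress" else EGRESS):
        if pred(p):
            return action, why
    return "deny", "Default Deny"
```

A cleartext SIP packet from the Internet to a local host falls through to Default Deny, while the same flow after decapsulation from the Second Branch tunnel is permitted.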
Mesh VPN topology – Branch Office 2

| Traffic direction | ACL parameter | ACL value | Description |
|---|---|---|---|
| Ingress | IKE from Main Office IP to Branch IP | Permit | - |
| Ingress | ESP from Main Office IP to Branch IP | Permit | - |
| Ingress | IKE from First Branch IP to Branch IP | Permit | - |
| Ingress | ESP from First Branch IP to Branch IP | Permit | - |
| Ingress | ICMP from any IP address to local tunnel endpoint | Permit | This enables the PMTUD application to work |
IPSec VPN
516 Administering Avaya G430 Branch Gateway October 2013
Comments? infodev@avaya.com