- DSCP = bearer > Route: WAN
- DSCP = control > Route: 1. WAN 2. DBR
Note:
For information about PBR, see
Policy-based routing on page 587.
2. Configure the VPN Hub (Main Office) as follows:
• The VPN policy portion for the branch is configured as a mirror image of the
branch
• The ACL portion for the branch is a mirror image of the branch, with some
minor modifications
• Static routing is configured as follows:
Branch subnets > Internet interface
• The PBR portion for the branch is configured as follows, on most interfaces:
- Destination IP = branch VoIP subnets or GW address (PMI), DSCP =
bearer > Route: WAN
- Destination IP = branch VoIP subnets or GW address (PMI), DSCP =
control > Route: 1. WAN 2. DBR
• ACM is configured to route voice calls through PSTN when the main VoIP trunk
is down.
Hub-and-spoke with VPN
Traffic
direction
ACL parameter ACL
value
Ingress IKE (UDP/500) from remote tunnel endpoint to local tunnel
endpoint
Permit
Ingress ESP/AH from remote tunnel endpoint to local tunnel endpoint Permit
Ingress Remote GRE tunnel endpoint to local GRE tunnel endpoint Permit
Ingress Allowed ICMP from any IP address to local tunnel endpoint Permit
Ingress Default Deny
Egress IKE (UDP/500) from local tunnel endpoint to remote tunnel
endpoint
Permit
Egress Local GRE tunnel endpoint to remote GRE tunnel endpoint Permit
Egress All allowed services from any local subnet to any IP address Permit
Egress Allowed ICMP from local tunnel endpoint to any IP address Permit
IPSec VPN
Administering Avaya G430 Branch Gateway October 2013 525
To Next Page
Loading...
