c. Configure dynamic routing (OSPF or RIP) to run over local data interfaces (data
VLANs) and on the GRE interfaces
2. Configure the VPN Hubs (Main Offices) as follows:
a. The VPN policy portion for the branch is configured as a mirror image of the
branch
b. The ACL portion for the branch is a mirror image of the branch, with some minor
modifications
c. The GRE Tunnel interface is configured for the branch
d. Dynamic routing (OSPF or RIP) is configured to run over the GRE interface to
the branch
VPN hub redundancy and load sharing topologies
Traffic
direction
ACL parameter ACL
value
Ingress IKE (UDP/500) from remote tunnel endpoint to local tunnel endpoint Permit
Ingress ESP/AH from remote tunnel endpoint to local tunnel endpoint Permit
Ingress Allowed ICMP from any IP address to local tunnel endpoint Permit
Ingress Default Deny
Egress IKE (UDP/500) from local tunnel endpoint to remote tunnel endpoint Permit
Egress All allowed services from any local subnet to any IP address Permit
Egress Allowed ICMP from local tunnel endpoint to any IP address Permit
Egress Default Deny
VPN hub redundancy and load sharing topologies example
crypto isakmp policy 1
encryption aes
hash sha
group 2
authentication pre-share
exit
crypto isakmp peer address <Primary Main Office Internet public Static IP
Address>
pre-shared-key <key1>
isakmp-policy 1
exit
crypto isakmp peer address <Backup Main Office Internet public Static
IPSec VPN
532 Administering Avaya G430 Branch Gateway October 2013
Comments? infodev@avaya.com
To Next Page
Loading...
