d. Permit ICMP traffic to support Path MTU (PMTU) discovery, which improves fragmentation handling.
e. For each private subnet, add a permit rule with the destination being the private subnet and the source being any.
   This traffic is allowed only if it arrives inside the VPN tunnel, because of the crypto list.
f. Define all other traffic (default rule) as deny in order to protect the device from non-secure traffic.
11. Define the egress access control list to protect the device from sending traffic that is not allowed to the public interface (optional):
a. Permit DNS traffic to allow clear (unencrypted) DNS traffic.
b. Permit IKE traffic (UDP port 500) for VPN control traffic (IKE).
c. Permit ESP traffic (IP protocol ESP) for VPN data traffic (IPSec).
d. Permit ICMP traffic to support Path MTU (PMTU) discovery, which improves fragmentation handling.
e. For each private subnet, add a permit rule with the source being the private subnet and the destination being any.
f. Define all other traffic (default rule) as deny in order to protect the device from sending non-secure traffic.
12. Activate the crypto list, the ingress access control list, and the egress access control
list, on the public interface.
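The following is an added illustration, not Avaya code and not G430 CLI syntax: a small Python model of the ingress and egress lists from steps 10 and 11 together with the crypto-list behaviour described in step 10e, so that the effect of rule order, the default deny and the "only inside the tunnel" condition can be checked against sample packets. It assumes the two private subnets and the public address from the topology example, first-match evaluation ending in an explicit default deny, and a crypto list that accepts a packet belonging to a protected private subnet only if it was carried inside the IPSec tunnel; the order in which a real gateway applies the access list and the crypto list may differ, and the sample addresses in the documentation ranges are constructed.

```python
"""Reference model of the public-interface policy in steps 10 to 12.

Added example, not Avaya code. Assumptions (constructed): private subnets
10.0.10.0/24 and 10.0.20.0/24 from the topology example, first-match rules
ending in a default deny, and a crypto list that requires traffic of a
private subnet to travel inside the tunnel. Device processing order may differ.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

PRIVATE_SUBNETS = [ip_network("10.0.10.0/24"), ip_network("10.0.20.0/24")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "udp", "tcp", "esp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    tunneled: bool = False     # True when carried inside ESP (after decryption)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "permit" or "deny"
    proto: Optional[str] = None        # None matches any protocol
    port: Optional[int] = None         # matches if either UDP/TCP port is equal
    src_net: Optional[str] = None      # None means "any"
    dst_net: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.port is not None and self.port not in (pkt.sport, pkt.dport):
            return False
        if self.src_net and ip_address(pkt.src) not in ip_network(self.src_net):
            return False
        if self.dst_net and ip_address(pkt.dst) not in ip_network(self.dst_net):
            return False
        return True


def _common_rules() -> List[Rule]:
    # Steps a to d are identical for the ingress and egress lists.
    return [
        Rule("dns", "permit", proto="udp", port=53),
        Rule("ike", "permit", proto="udp", port=500),
        Rule("esp", "permit", proto="esp"),
        Rule("icmp", "permit", proto="icmp"),
    ]


def build_ingress_acl() -> List[Rule]:
    rules = _common_rules()
    # Step 10e: destination = private subnet, source = any.
    rules += [Rule(f"to-{n}", "permit", dst_net=str(n)) for n in PRIVATE_SUBNETS]
    rules.append(Rule("default", "deny"))        # step 10f
    return rules


def build_egress_acl() -> List[Rule]:
    rules = _common_rules()
    # Step 11e: source = private subnet, destination = any.
    rules += [Rule(f"from-{n}", "permit", src_net=str(n)) for n in PRIVATE_SUBNETS]
    rules.append(Rule("default", "deny"))        # step 11f
    return rules


def evaluate_acl(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; the trailing default rule guarantees a result."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # only reached if the default rule was forgotten


def crypto_list_allows(pkt: Packet, direction: str) -> bool:
    """Crypto-list model: traffic of a protected private subnet is accepted only
    if it travelled inside the VPN tunnel; everything else is left alone."""
    addr = ip_address(pkt.dst if direction == "in" else pkt.src)
    if any(addr in net for net in PRIVATE_SUBNETS):
        return pkt.tunneled
    return True


def public_interface_decision(pkt: Packet, direction: str) -> str:
    """Combine access list and crypto list for one packet on the public
    interface; direction is "in" (ingress) or "out" (egress)."""
    rules = build_ingress_acl() if direction == "in" else build_egress_acl()
    if evaluate_acl(rules, pkt) == "deny":
        return "deny (acl)"
    if not crypto_list_allows(pkt, direction):
        return "deny (crypto list)"
    return "permit"


if __name__ == "__main__":
    # Constructed sample flows; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
    samples = [
        ("in", Packet("198.51.100.53", "100.0.0.2", "udp", sport=53, dport=40001)),
        ("in", Packet("203.0.113.9", "100.0.0.2", "udp", sport=500, dport=500)),
        ("in", Packet("203.0.113.9", "100.0.0.2", "esp")),
        ("in", Packet("203.0.113.9", "10.0.10.25", "tcp", dport=445)),
        ("in", Packet("203.0.113.9", "10.0.10.25", "tcp", dport=445, tunneled=True)),
        ("in", Packet("198.51.100.7", "100.0.0.2", "tcp", dport=23)),
        ("out", Packet("10.0.20.5", "203.0.113.9", "tcp", dport=443, tunneled=True)),
        ("out", Packet("10.0.20.5", "203.0.113.9", "tcp", dport=443)),
    ]
    for direction, pkt in samples:
        print(f"{direction:>3} {pkt.src:>15} -> {pkt.dst:<15} {pkt.proto:<4} "
              f"{public_interface_decision(pkt, direction)}")
```

The two packets to 10.0.10.25 show the point of step 10e: the access list permits them both, and it is the crypto list that drops the clear-text copy while letting the tunnelled one through. Without the default deny at the end, the telnet attempt at the public address would fall off the end of the list, which is why the model returns a deny there as well.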
VPN DNS topology example
!
! Define the Private Subnet1
!
interface vlan 1
description "Branch Subnet1"
ip address 10.0.10.1 255.255.255.0
icc-vlan
pmi
exit
!
! Define the Private Subnet2
!
interface vlan 2
description "Branch Subnet2"
ip address 10.0.20.1 255.255.255.0
exit
!
! Define the Public Subnet
!
interface fastethernet 10/3
ip address 100.0.0.2 255.255.255.0
exit
IPSec VPN
538 Administering Avaya G430 Branch Gateway
October 2013