Avaya BSGX4e User's Guide Page 161
- Page / 456
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
BSGX4e Business Gateway User Guide 161
Release 01.01 NN47928-102
VPN Configuration
The configuration of an IPsec policy also configures an IP interface for the policy.
The IP interface is assigned a name vpnn, such as vpn0, and requires configuration
like any other IP interface.
IPsec Policy Requirements
The IP address of the remote secure gateway in an IPsec policy must also appear
as the peer in an IKE preshared key record.
The VPN interface must be assigned an IP address.
A route must send traffic to the VPN interface.
A firewall policy must allow traffic on the VPN interface.
A firewall policy must allow ESP traffic from the remote secure gateway. (IP
packets sent from the remote secure network to the local secure network are
encrypted as ESP packets.)
A firewall policy must allow IP packets sent from the local secure network to the
remote secure network. Otherwise, ESP packets cannot be routed to the remote
secure gateway.
For examples of commands that carry out these policy requirements, see “VPN
Configuration Examples” (page 163).
NOTE: By default, the Intrusion Detection Service (IDS) trusts a VPN interface
that has been assigned an IP address and does not attempt to detect
spoof attacks in its traffic. For more information, see “Spoof
Protection” (page 147).
Configure IPsec Policy Command
The IPsec policy defines the IP addresses for the VPN, including the address of the
remote gateway and the local and remote subnets secured by the VPN. An incoming
packet whose source address matches a secure local IP address, and whose
destination address matches a secure remote IP address, is encrypted and forwarded
to the gateway address.
To configure an IPsec policy, enter the following command:
> config ipsec policy
Table 60 describes the parameters for config ipsec policy.
Table 60. IPsec Policy Parameters
Parameter Description
[name] Name for this VPN.
gateway IP address of the remote gateway.
local Local IP addresses secured by the VPN (any or addresses
specified as a range or as a subnet).
- Business Gateway 1
- Trademarks 2
- Hardware Notice 2
- ABOUT THIS GUIDE 3
- CONNECTING TO THE DEVICE 3
- INITIAL SETUP 4
- USER MANAGEMENT 4
- COMMAND INTERFACE 5
- WAN INTERFACE CONFIGURATION 5
- LAN SWITCH CONFIGURATION 5
- VLAN CONFIGURATION 6
- ROUTING CONFIGURATION 6
- SECURITY CONFIGURATION 7
- VPN CONFIGURATION 7
- GOS CONFIGURATION 8
- MGCP CONFIGURATION 9
- VOIP CONFIGURATION 9
- LOCAL CALL ROUTING 10
- SIP CONFIGURATION 10
- VOIP SERVICES AND RELAYS 11
- MONITORING 12
- MONITORING TOOLS 12
- SOFTWARE UPGRADES 13
- WEB USER INTERFACE 13
- THIRD PARTY SOFTWARE 14
- SSH FUNCTIONALITY 14
- TCPDUMP EXPRESSIONS 14
- STANDARDS COMPLIANCE 14
- RULE COMPLIANCE 14
- COPYRIGHT INFORMATION 15
- GLOSSARY 15
- Audience 23
- Organization 23
- Conventions 25
- Documentation 26
- How to get help 26
- About This Guide 27
- ONNECTING 29
- Device Features 30
- Connecting to the Device 31
- Connecting to the Unit 32
- Telnet Access 34
- Telnet Configuration Example 35
- Show Telnet Configuration 35
- Telnet Client Command 35
- Telnet Session Example 35
- SSH Server 36
- SSH Example 37
- Show SSH Configuration 37
- Regenerate SSH keys 37
- Web Server 38
- Disable Web Server Example 39
- Show Web Server Configuration 39
- Show Web Server Statistics 40
- SSL Key Command 41
- SSL CSR Command 41
- SSL Certificate 42
- SSL Configuration Example 43
- Show SSL Configuration 43
- Setting the Time 47
- SNTP Configuration Command 48
- SNTP Client Example 48
- Show SNTP Configuration 48
- Watchdog Reset Timer 49
- DNS Client 50
- Initial Setup 51
- Initial Settings 52
- ANAGEMENT 57
- Password Entry 58
- Changing a Password 59
- Showing Active Users 60
- User Accounts 61
- Add User Account Example 63
- Show User Account 63
- Deleting a User Account 63
- User Groups 64
- Add User Group Example 65
- Show a User Group 65
- Deleting a User Group 65
- User Rights 66
- Configuration Command 67
- Add User Rights Example 67
- Radius Authentication 68
- Configuration Requirements 69
- Configuration Steps 69
- Radius Authentication Records 69
- TACACS+ Authentication 71
- User Management 73
- Logging Off 78
- Saving Configuration Changes 79
- Showing the Configuration 80
- Defining Auto Run Commands 80
- Online Help 81
- Interactive Mode 82
- CLI Command Syntax 83
- Parameter Values 84
- Command Keyword NO 84
- Command Keyword ALL 85
- Maintenance Commands 86
- Command Interface 87
- Debug Commands 88
- WAN Interface (eth0) 92
- WAN Interface Configuration 93
- Show eth0 Configuration 94
- Clear Statistics 95
- Example 1 98
- Example 2 98
- Show Port Configuration 99
- Show Port Status 99
- Show Port Statistics 100
- Release 01.01 NN47928-102 101
- LAN Switch Configuration 101
- Detailed Port Statistics 101
- Clear Port Statistics 101
- LAN Interface (eth1) 102
- Show eth1 Configuration 103
- ARL Configuration 104
- Show ARL Table 105
- Layer 2 QoS 106
- Priority Queues 107
- NN47928-102 Release 01.01 108
- ONFIGURATION 111
- Packet Tagging 112
- VLAN Port Assignment Command 112
- VLAN Port Assignment Examples 112
- Show VLAN Port Assignments 113
- Delete VLAN Port Assignment 113
- Configuring a VLAN Interface 114
- VLAN IP Address Assignment 115
- *> show interface ip vif0 116
- Modifying or Deleting a VLAN 117
- VLAN Deletion Example 118
- VLAN Configuration 119
- Configuring ARP 122
- Delete ARP Entry 123
- Flush ARP Table 123
- Protecting ARP Traffic 123
- Configuring Static Routes 124
- Static Route Examples 125
- Show Route Table 125
- Starting the RIP Daemon 126
- RIP Daemon Example 127
- Show RIP Status 127
- Show RIP Routes 127
- Firewall Security Policies 130
- Security Configuration 131
- Show Firewall Log Entries 132
- Connection Time-outs 133
- Configuring NAT 134
- Configuring NAT Policies 135
- Port Forwarding 137
- Address Forwarding 138
- Static NAT Forwarding 138
- Show NAT Policies 139
- ALG Configuration 140
- Attack Types 141
- Packet Anomaly Protection 141
- Fragment Anomaly Activation 142
- Flood Protection 143
- Flood Detection Activation 144
- Setting Flood Thresholds 145
- Scan Protection 146
- Spoof Protection 147
- IDS Spoof Command 148
- IDS Spoof Example 148
- IDS Statistics 149
- Clear IDS Statistics 150
- Show IDS Log Entries 150
- Configuration Elements 154
- IKE Policies 155
- IKE Lifetime Parameters 155
- IKE Preshared Key Records 156
- Show IKE Statistics 158
- IPsec Parameters 159
- IPsec Proposals 160
- IPsec Policies 160
- VPN Configuration 161
- IPsec Policy Requirements 161
- VPN Configuration Examples 163
- ISP Tunnel Example 166
- Configuring the ISP Gateway 167
- Configuring a VPN 169
- Figure 7 Flow types 173
- VPN support on BSGX4e 174
- Configuration of Cisco 176
- Troubleshooting on BSGX4e 177
- Quality Groups 182
- GoS Classes 182
- Traffic Policing 183
- CAR Policing 184
- Configuring GoS 185
- Configuring a GoS Link 186
- Configuring Quality Groups 187
- Quality Group Command 188
- Quality Group Examples 189
- Show Quality Groups 190
- Delete a Quality Group 190
- VoIP Traffic Protection 191
- ARP Traffic Protection 191
- GoS Security Policy Examples 192
- GoS Statistics 193
- Quality Group Statistics 194
- Instantaneous Statistics 195
- Configuring QoS 197
- GoS Configuration 199
- Configuring Layer 2 QoS 201
- Example for port 1: 203
- Configuring Layer 3 QoS 204
- IICAD40CAD40 210
- SIP Servers 210
- MGCP Servers 210
- MGCP Gateway 211
- MGCP Configuration Steps 211
- MGCP Call Servers 212
- MGCP Server Profile Examples 213
- Show Server Settings 214
- Delete MGCP Server Profile 214
- Show MGCP Server Status 214
- MGCP Configuration 215
- MGCP Signaling Proxy (MSP) 216
- Show MGCP Call Statistics 219
- CA Port 221
- Act Calls 221
- Timeout 221
- Configuring the MGCP Gateway 223
- Configuration Restraints 224
- MGCP Gateway Example 225
- Show MGCP Gateway Status 226
- Show Media Stream Status 226
- MGCP Endpoints 227
- Media Settings Example 230
- Show Media Settings 230
- Show Media Status 230
- Access Control List (ACL) 232
- Access Control List Command 233
- ACL Entry Example 233
- Show ACL 234
- Show CDP Entry 234
- Show CDP Neighbors 235
- Call Admission Control (CAC) 236
- Show Call Admission Settings 237
- FXS Port Configuration 238
- VoIP Configuration 239
- Country Code Setting Example 239
- Show Country Code 239
- Jitter Buffer Settings 240
- Call Progress Tones 241
- Re-configure Tones 242
- Configuration Example 242
- DSP Gain Settings 243
- Line Impedance Settings 243
- Electrical Status 244
- Line Fault Testing 245
- Resistance Tests 246
- Monitored Calls 248
- VQM Analyser Command 249
- VQM Analyser Example 250
- Show VQM Call Summary 250
- Voice Quality Statistics 251
- Alarm Log Entries 252
- Alarm Statistics 252
- Call Records 253
- Show Call History 254
- VoIP Service Interruption 255
- Local Call Routing (LCR) Mode 256
- LCR Settings 257
- LCR Settings Command 258
- Show Gain Settings 260
- FxO Line Impedance Settings 260
- Local Call Routing 261
- Show FxO Impedance Settings 261
- Show LCR Status 262
- Show LCR Connections 262
- SIP Gateway 265
- SIP Configuration Steps 265
- SIP Call Server Access 266
- SIP Server Profile Command 267
- SIP Server Profile Examples 267
- Show SIP Server Settings 269
- Delete SIP Server Profile 270
- Show SIP Server Status 270
- SIP Session Controller 271
- SIP Signaling Proxy (SSP) 272
- SIP Configuration 273
- Show SIP Signaling Statistics 274
- Show SIP Call Statistics 275
- Show SIP Call Records 276
- Show Registered Endpoints 276
- SIP Gateway Settings Command 279
- SIP Gateway Settings Example 279
- SIP Gateway Configuration 280
- Media Stream 283
- Numbering Plan Command 284
- Numbering Plan Entry Examples 285
- Show Numbering Plan 287
- SIP Endpoints 288
- Verify Endpoint Registration 289
- IP Address Change 289
- Configuring SIP 290
- Step 5-Make calls 302
- DHCP Server 309
- VoIP Services and Relays 311
- DHCP Relay 312
- DNS Relay 313
- DNS Relay Example 314
- Show DNS Relay Settings 314
- Show DNS Sessions 314
- Show DNS Relay Cache 314
- SNTP Relay 315
- TFTP Relay 316
- TFTP Relay Settings Example 317
- Show TFTP Relay Settings 317
- Show TFTP Sessions 317
- TFTP File Cache 318
- TFTP Cache Example 319
- Show TFTP Cache Contents 319
- Delete Files to be Cached 320
- Clear TFTP Cache 320
- ONITORING 321
- Show Hardware Information 322
- Show System Status 322
- Show System Operation Summary 323
- Audit Logging 324
- Module Logging 325
- Logging Level Command 326
- Mapping Log Destinations 327
- Log Destination Map Examples 328
- Show Log Destination Map 328
- Show Module Log Entries 329
- Configure Log Server 329
- Ethernet Interface Statistics 331
- IP Stack Statistics 331
- IP Statistics 332
- ICMP Statistics 333
- UDP Statistics 335
- TCP Statistics 335
- 0 Checksum Error 0 336
- Monitoring 337
- Protocol Monitoring (PMON) 340
- Enable PMON Command 341
- PMON Trace Command 341
- PMON Configuration Example 342
- Show PMON Status 342
- Show PMON Traces 342
- Netflow Exporter 343
- Netflow Exporter Command 344
- Netflow Filter Command 345
- Netflow Configuration Example 345
- Show Netflow Status 346
- Show Netflow Filters 346
- Show Netflow Statistics 346
- Clear Netflow Statistics 346
- SNMP Agent 347
- SNMP Community Command 348
- Show SNMP Agent Configuration 349
- Show SNMP Agent Statistics 349
- Clear SNMP Statistics 351
- SNMP Traps 351
- TCPdump Command 352
- Monitoring Tools 353
- Limited Capture Example 354
- Ping Command 355
- Traceroute Command 356
- Traceroute Example 357
- File System 359
- File System Management 360
- Software Upgrades 361
- Software Upgrade Procedures 362
- Web UI Upgrade Procedure 363
- View Bootloader Version 369
- Restore the Configuration 369
- SFTP Upgrade Procedure 371
- Listing the Configuration 374
- NTERFACE 379
- Web UI Features 380
- Logging on to the Web UI 380
- Access Requirements 381
- Log on Procedure 381
- Web UI Screen Structure 382
- Operations Menu 383
- Web UI Menus 384
- Web User Interface 385
- Monitoring Example 390
- Wizards Example 391
- Exit Web UI 396
- Software Applications 399
- UNCTIONALITY 401
- Authentication 402
- Service Functions 403
- SSH System Architecture 404
- SSH-AUTH 405
- SSH-CONNECTION 405
- XPRESSIONS 407
- TCPdump Expressions 409
- TANDARDS 411
- OMPLIANCE 411
- Security 412
- Quality of Service 412
- Services 413
- Voice Standards 414
- MGCP Session Controller 415
- Standards Compliance 417
- Declaration of Conformity 420
- Supplementary Information 421
- OPYRIGHT 423
- NFORMATION 423
- Copyright Information 425
- Glossary 431
- WinSCP3 399 455
- X509 CSR 41 455
Related products and manuals for Routers Avaya BSGX4e
Routers Avaya Passport ARN Routers User Manual
(166 pages)
(166 pages)
Routers Avaya BCC Quick Start Guide
(4 pages)
(4 pages)
Routers Avaya FireWall-1 User Manual
(56 pages)
(56 pages)
Routers Avaya BSG8/12 1.0 User Manual
(862 pages)
(862 pages)
Routers Avaya C360 User Manual
(238 pages)
(238 pages)
Routers Avaya P460 User Manual
(96 pages)
(96 pages)
Routers Avaya P114F User Manual
(14 pages)
(14 pages)
Routers Avaya M15-155 User Manual
(14 pages)
(14 pages)
Routers Avaya P460 User Manual
(224 pages)
(224 pages)
© 2020, manymanuals.com. All rights reserved. | 0.970 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals