  • Application Note: G350 and G250 R3.0 IPSec VPN

    ABSTRACT

    This document provides an overview of IPSec VPN functionality in Release 3.0 of the G350 and G250 Media Gateways. This document includes a brief overview of the G350 and G250, the VPN features to be provided in Release 3.0, VPN-related command-line interface commands, sample configurations, and information about the performance that was measured in lab tests.

    Application Note
    Document number: 08-300651
    July 2005

    Avaya Inc. Proprietary Use Pursuant to Company Instructions

  • All information in this document is subject to change without notice. Although the information is believed to be accurate, it is provided without guarantee of complete accuracy and without warranty of any kind. It is the user's responsibility to verify and test all information in this document. Avaya shall not be liable for any adverse outcomes resulting from the application of this document; the user must take full responsibility.

    © 2005 Avaya Inc. All Rights Reserved. Avaya and the Avaya Logo are trademarks of Avaya Inc. or Avaya ECS Ltd., a wholly owned subsidiary of Avaya Inc. and may be registered in the US and other jurisdictions. All trademarks identified by ® and ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other registered trademarks or trademarks are property of their respective owners.


  • Table of Contents

    1 General
      1.1 Scope and introduction
      1.2 Definitions, abbreviations, and textual conventions
    2 Overview
      2.1 The G350 Media Gateway
        2.1.1 The G250 Media Gateway
      2.2 Features of the G350 and G250 R3.0 IPSec VPN
        2.2.1 Interoperability and certification
      2.3 Design for QoS
      2.4 Routing, resiliency, and load sharing
      2.5 Security
      2.6 Administration and maintenance
    3 Operational Model
      3.1 The G350 and G250 interfaces
      3.2 VPN configuration model
    4 VPN CLI
      4.1 Configuration commands
        4.1.1 Configure isakmp peer parameters
        4.1.2 Configure isakmp peer-group parameters
        4.1.3 Configure isakmp policy parameters
        4.1.4 Configure IPSec parameters
        4.1.5 Configure crypto map
        4.1.6 Configure crypto list
        4.1.7 Interface context
      4.2 Intervention commands
      4.3 show commands
    5 VPN application samples
      5.1 Spoke with hub resiliency and load sharing through GRE
        5.1.1 Hub resiliency
        5.1.2 Hub load sharing through GRE
        5.1.3 Configuration of the other elements
      5.2 A spoke GW that is connected to an external access router
    6 Performance notes
      6.1 Throughput
      6.2 Delay


  • List of Tables

    Table 1 - Features of the G350 Release 2.2 IPSec VPN
    Table 2 - Additional VPN features introduced in G350 and G250 Release 3.0
    Table 3 - Interoperability with other IPSec devices
    Table 4 - QoS features
    Table 5 - Routing, resiliency, and load-sharing features
    Table 6 - Security features
    Table 7 - Administration and maintenance features
    Table 8 - G350 and G250 interfaces
    Table 9 - SPD components
    Table 10 - Configure isakmp peer parameters
    Table 11 - Configure isakmp peer-group parameters
    Table 12 - Configure isakmp parameters
    Table 13 - Configure IPSec parameters
    Table 14 - Configure Crypto-Map
    Table 15 - Configure Crypto-List
    Table 16 - Interface context
    Table 17 - Tunnels
    Table 18 - Full-duplex IPSec VPN