Avaya 3.7 Benutzerhandbuch
Using Device tabs to configure the security gateway
Issue 4 May 2005
83
13. Click Add to List to put the address/mask pair into the Current Network/Mask Pairs for this
Hop list box, which also associates the pair with the IP address of the next hop router.
14. Click Finished to return to the Static Route tab.
15. Click Save.
16. When you want to send the configuration to one or more security gateways, click Update
Devices.
Default Gateway for VPN Traffic (VPNos 3.X)
The default gateway for VPN traffic policy allows the administrator to specify a gateway that is
used for either decrypted traffic, encrypted traffic, or both. Beginning with VPNos 4.5, the default
gateway for VPN traffic policy allows the administrator to specify a gateway that is used for
decrypted traffic only.
used for either decrypted traffic, encrypted traffic, or both. Beginning with VPNos 4.5, the default
gateway for VPN traffic policy allows the administrator to specify a gateway that is used for
decrypted traffic only.
This configuration is commonly applied to a VSU in the following topology:
Figure 27: Common Default Gateway for VPN Traffic topology
1
, the Internet gateway. The VSU is
configured to protect several LANs on the other side of R
2
, the router on the private side of the
VSU.
In this topology, the administrator configures R
1
as the default gateway of the VSU and R
2
as
the Default Gateway for VPN Traffic with the decrypted box checked. Using this configuration
and checking the decrypted traffic box, all decrypted VPN traffic would be forwarded to R
and checking the decrypted traffic box, all decrypted VPN traffic would be forwarded to R
2
and
all encrypted traffic would be forwarded to R
1
. In this application, the Default Gateway for VPN
Traffic removes the need for a configured static route on the VSU for each protected LAN.
Note:
Note:
Configured static routes take precedence over the Default Gateway for VPN
Traffic.
Traffic.