Avaya Tech Tip User Manual

Tech Tip
Contivity Secure IP Services Gateway
Contivity – BCM IPSec Peer-to-Peer Tunnel Using Pre-Shared Key Authentication

Contents

Contents
Overview
Setup
Configuring WS1
Configuring WS2
Configuring CES
  Configuring network parameters
  Configuring Branch Office connection
  Configuring Branch Office IPSec parameters
Configuring BCM
  Configuring Interfaces
  Configuring Branch Office tunnel parameters
  Configuring local and remote accessible networks
  Verifying firewall rules
  Enabling IPSec
Event Log

Overview

This technical tip illustrates a sample IPSec peer-to-peer tunnel configuration between Contivity Secure IP Services Gateway and Business Communication Manager (BCM) using pre-shared key authentication.
TT040922 1.00 September 2004 Page: 1 of 27

Sample Configuration Setup

[Figure: network diagram. WS1 and CES on 192.168.10.0/24; CES and BCM on 30.1.1.0/24, joined by the Branch Office Tunnel; BCM and WS2 on 10.1.1.0/24.]

WS1 – Windows 2000 workstation, IP 192.168.10.11/24
WS2 – Windows 2000 workstation, IP 10.1.1.10/24
CES – Contivity Secure IP Services Gateway, code version V04_85, management IP 192.168.10.1/24, private IP 192.168.10.2/24, public IP 30.1.1.2/24
BCM – Business Communication Manager, private IP (LAN 1) 10.1.1.1/24, public IP (LAN 2) 30.1.1.1/24

The goal of the configuration is to set up an IPSec peer-to-peer branch office tunnel between a CES and a BCM using 3DES with MD5 integrity and pre-shared key authentication.

Configuring WS1

Configure the IP address (192.168.10.11/24) on the WS1 and the CES private interface (192.168.10.2) as the default gateway:
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.10.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.2

Configuring WS2

Configure the IP address (10.1.1.10/24) on the WS2 and the NG private interface (10.1.1.1) as a default gateway:
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.1.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1

Configuring CES

Configuring network parameters

Configure the IP addresses for the management (192.168.10.1/24), private (192.168.10.2/24) and public (30.1.1.2/24) interfaces:
In this configuration the CES and BCM are directly connected. If a router is used between the CES and BCM, a public default gateway must be configured on the Routing → Static Routes screen by clicking Add Public Route and specifying the address of a public default router.

Configuring Branch Office connection

Configure the BO connection. Navigate to Profiles → Branch Office. To add a new group for the branch office, click Add next to Group:
Enter a Name for Group (BO Group) and click OK:
From the drop down menu next to Group, select the newly created group. To add a new branch office connection, under the Connections section click Add:
Enter a Connection Name (To BCM) and leave the rest of the fields at their defaults – Control Tunnel Disabled, Tunnel Type IPSec, Connection Type Peer to Peer. Click OK:
The Connection Configuration screen appears. Select the Enable option:
Select CES public IP address (30.1.1.2) as the Local Endpoint IP Address; Enter BCM public IP address (30.1.1.1) as the Remote Endpoint IP Address:
Leave the Filter at Permit All:
For Authentication select the Text Pre-Shared Key (selected by default):
Enter a Text Pre-Shared Key – 12345 in this case:
Leave MTU at the default setting:
No NAT will be used in this example; leave the default (None) selection for NAT:
For the IP Configuration select Static:
Define local accessible networks. Next to Local Network select Create Local Network:
The Networks screen appears. Enter the name of the network (local 192.168.10.0) to be created and click Create:
Enter the IP address of the Local Accessible Network (CES private network, 192.168.10.0), Mask associated with the address (255.255.255.0) and click Add:
Listed under the Current Subnets for Network window is the configured subnet for the network. Click Close:
Listed under the Current Networks is the configured network. To return to the branch office configuration, in the top right corner click on the Return to Connection Configuration link:
From the drop-down list next to Local Network select the newly configured local network (local 192.168.10.0):
Define the remote accessible networks. Under the Remote Networks click Add:
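
The endpoint, accessible-network and pre-shared-key values entered on the CES have to be mirrored on the BCM for the tunnel to come up. The Python check below is an added example, not part of the original tech tip or of any Avaya tool; the TunnelSide record, the 20-character key threshold and the BCM-side values (mirrored from the Setup section) are assumptions.

```python
import ipaddress
from dataclasses import dataclass

MIN_PSK_LEN = 20  # assumed policy threshold, not a value from the tech tip

@dataclass
class TunnelSide:  # hypothetical record of one gateway's branch office settings
    name: str
    local_endpoint: str
    remote_endpoint: str
    local_networks: list
    remote_networks: list
    psk: str

def nets(items):
    # Accepts both "a.b.c.d/24" and the address/mask form the GUI asks for.
    return {ipaddress.ip_network(n) for n in items}

def check_peers(a, b):
    """Return findings for the two sides of one peer-to-peer tunnel definition."""
    findings = []
    if (a.local_endpoint, a.remote_endpoint) != (b.remote_endpoint, b.local_endpoint):
        findings.append("tunnel endpoints are not mirrored")
    if nets(a.local_networks) != nets(b.remote_networks):
        findings.append(f"{a.name} local networks do not match {b.name} remote networks")
    if nets(a.remote_networks) != nets(b.local_networks):
        findings.append(f"{a.name} remote networks do not match {b.name} local networks")
    if any(x.overlaps(y) for x in nets(a.local_networks) for y in nets(a.remote_networks)):
        findings.append(f"{a.name} local and remote networks overlap")
    if a.psk != b.psk:
        findings.append("pre-shared keys differ")
    elif len(a.psk) < MIN_PSK_LEN:
        findings.append(f"pre-shared key is shorter than {MIN_PSK_LEN} characters")
    return findings

# Constructed sample: CES values from the steps above, BCM values mirrored
# from the Setup section (assumed, the BCM pages are not part of this excerpt).
CES = TunnelSide("CES", "30.1.1.2", "30.1.1.1",
                 ["192.168.10.0/255.255.255.0"], ["10.1.1.0/255.255.255.0"], "12345")
BCM = TunnelSide("BCM", "30.1.1.1", "30.1.1.2",
                 ["10.1.1.0/24"], ["192.168.10.0/24"], "12345")

if __name__ == "__main__":
    for finding in check_peers(CES, BCM):
        print("FINDING:", finding)
```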