Mesh VPN topology – Branch Office 2

Last Updated: Nov 06, 2012

Access list applied on the Branch Office 2 tunnel endpoint. In the mesh this branch terminates one tunnel to the Main Office and a second tunnel to the First Branch, so IKE and ESP are permitted only between those peer addresses; everything else is denied by default.

Traffic direction | ACL parameter                                                | ACL value | Description
------------------+--------------------------------------------------------------+-----------+----------------------------------------------------------------------------------------
Ingress           | IKE from Main Office IP to Branch IP                         | Permit    | -
Ingress           | ESP from Main Office IP to Branch IP                         | Permit    | -
Ingress           | IKE from First Branch IP to Branch IP                        | Permit    | -
Ingress           | ESP from First Branch IP to Branch IP                        | Permit    | -
Ingress           | ICMP from any IP address to local tunnel endpoint            | Permit    | Required for PMTUD: ICMP "Fragmentation Needed" messages must reach the endpoint
Ingress           | All allowed services from any IP address to any local subnet | Permit    | Because of the VPN Policy definition, this is matched only by traffic that arrived inside ESP
Ingress           | Default                                                      | Deny      | -
Egress            | IKE from Branch IP to Main Office IP                         | Permit    | -
Egress            | ESP from Branch IP to Main Office IP                         | Permit    | -
Egress            | IKE from Branch IP to First Branch IP                        | Permit    | -
Egress            | ESP from Branch IP to First Branch IP                        | Permit    | -
Egress            | ICMP from local tunnel endpoint to any IP address            | Permit    | Required for PMTUD: the endpoint must be able to send ICMP messages
Egress            | All allowed services from any local subnet to any IP address | Permit    | The VPN Policy places this traffic into the ESP tunnel
Egress            | Default                                                      | Deny      | -
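The table above is a first-match access list whose most important row is the ingress "all allowed services" entry: it is only satisfied by packets the VPN policy has already decapsulated from ESP, so the same packet in cleartext falls through to the default deny. The following evaluator is an added example, not the page's or any vendor's configuration; it walks the rules in table order and makes that dependency explicit. The peer addresses, local subnets and the "allowed services" set are constructed for the example (the page does not define them); UDP 500 for IKE, UDP 4500 when NAT-T is in use, and IP protocol 50 for ESP are the standard assignments.

```python
"""Evaluate the Branch Office 2 ACL from the table against sample packets.

Added example; addresses, subnets and the service set are assumptions,
not values from the page.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed tunnel endpoints for the three mesh members (not from the page).
MAIN_OFFICE_IP = ip_address("203.0.113.10")
FIRST_BRANCH_IP = ip_address("198.51.100.20")
BRANCH_IP = ip_address("192.0.2.30")          # this branch's own tunnel endpoint
LOCAL_SUBNETS = [ip_network("10.2.0.0/24"), ip_network("10.2.1.0/24")]
# "All allowed services" is not enumerated by the page; an assumed set.
ALLOWED_SERVICES = {("tcp", 22), ("tcp", 443), ("udp", 53)}

PEERS = {MAIN_OFFICE_IP: "Main Office", FIRST_BRANCH_IP: "First Branch"}
IKE_PORTS = {500, 4500}      # ISAKMP; 4500 only matters if NAT-T is in use
ESP = "esp"                  # IP protocol 50, not carried over UDP/TCP


@dataclass(frozen=True)
class Packet:
    direction: str               # "ingress" or "egress"
    proto: str                   # "tcp", "udp", "icmp" or "esp"
    src: str
    dst: str
    dport: Optional[int] = None
    # True when the VPN policy decapsulated this packet from an ESP SA; this is
    # the "only if traffic comes over ESP" condition in the table.
    from_esp: bool = False


def is_local(addr) -> bool:
    a = ip_address(addr)
    return any(a in net for net in LOCAL_SUBNETS)


def is_ike(p: Packet) -> bool:
    return p.proto == "udp" and p.dport in IKE_PORTS


def evaluate(p: Packet) -> Tuple[str, str]:
    """Walk the ACL in table order; return (verdict, rule) of the first match."""
    src, dst = ip_address(p.src), ip_address(p.dst)

    if p.direction == "ingress":
        # IKE / ESP only from the two known peers and only to our endpoint.
        if src in PEERS and dst == BRANCH_IP:
            if is_ike(p):
                return "permit", f"IKE from {PEERS[src]}"
            if p.proto == ESP:
                return "permit", f"ESP from {PEERS[src]}"
        # ICMP to the endpoint so Fragmentation Needed messages reach PMTUD.
        if p.proto == "icmp" and dst == BRANCH_IP:
            return "permit", "ICMP to local tunnel endpoint (PMTUD)"
        # Services towards local subnets: matched only after ESP decapsulation.
        # The same packet in cleartext never matches and hits the default deny.
        if p.from_esp and is_local(dst) and (p.proto, p.dport) in ALLOWED_SERVICES:
            return "permit", "allowed service to local subnet (via VPN)"
        return "deny", "default"

    if p.direction == "egress":
        if src == BRANCH_IP and dst in PEERS:
            if is_ike(p):
                return "permit", f"IKE to {PEERS[dst]}"
            if p.proto == ESP:
                return "permit", f"ESP to {PEERS[dst]}"
        if p.proto == "icmp" and src == BRANCH_IP:
            return "permit", "ICMP from local tunnel endpoint (PMTUD)"
        # Local subnets out to anywhere; the VPN policy wraps this in ESP.
        if is_local(src) and (p.proto, p.dport) in ALLOWED_SERVICES:
            return "permit", "allowed service from local subnet (tunnelled)"
        return "deny", "default"

    raise ValueError(f"unknown direction {p.direction!r}")


def sample_run():
    """Constructed packets covering each row, including the cleartext case."""
    samples = [
        Packet("ingress", "udp", "203.0.113.10", "192.0.2.30", 500),
        Packet("ingress", "esp", "198.51.100.20", "192.0.2.30"),
        Packet("ingress", "udp", "192.0.2.99", "192.0.2.30", 500),        # unknown peer
        Packet("ingress", "tcp", "10.1.0.7", "10.2.0.5", 443),            # cleartext
        Packet("ingress", "tcp", "10.1.0.7", "10.2.0.5", 443, from_esp=True),
        Packet("egress", "esp", "192.0.2.30", "203.0.113.10"),
        Packet("egress", "tcp", "10.2.0.5", "10.1.0.7", 443),
    ]
    return [(p, *evaluate(p)) for p in samples]


if __name__ == "__main__":
    for p, verdict, rule in sample_run():
        print(f"{p.direction:7} {p.proto:4} {p.src:>14} -> {p.dst:<14} "
              f"esp={p.from_esp!s:5} {verdict:6} {rule}")
```

Two things worth checking when carrying this onto a real device: the cleartext case (fourth sample) must end at the default deny, which only holds if the VPN policy is evaluated before this rule; and the ICMP rows permit every ICMP type from or to any address. PMTUD needs only Type 3 Code 4 (Fragmentation Needed) inbound to the endpoint, so a tighter deployment restricts the ingress ICMP row to that type, plus whatever echo traffic the operations team needs for troubleshooting.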