F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

431

432

433

434

435

436

437

438

439

440

422

3. Select the tunnel encapsulation mode, GRE or UDP.

4. Configure the tunnel interface as described in 1049HTable 62.

Table 62 Configuration items

Item Descri

tion

Tunnel Encapsulation Mode Select the DVPN tunnel encapsulation mode, which can be GRE or UDP.

Tunnel Interface Number Enter a sequence number for the tunnel interface.

IP Address/Mask

Specify the private IP address and mask for the tunnel interface.

IMPORTANT:

In a VPN domain, the private IP addresses of all tunnel interfaces must be in

the same subnet.

Security Zone of Interface Select a security zone for the tunnel interface.

Tunnel Source Address/Interface

Specify the tunnel source address for the tunnel interface, namely, the IP

address of the physical interface that sends DVPN packets. You can enter

an IP address, or select an interface to use the primary IP address of the

interface as the tunnel source address.

IMPORTANT:

If you configure multiple DVPN tunnels that use GRE encapsulation, you must

configure unique source addresses or source interfaces for these tunnels.

5. Configure VAM client information as described in 1050HTable 63.

Table 63 Configuration items

Item Descri

tion

VPN Domain Name Specify the VPN domain to which the VAM client belongs.

VAM Server IP Specify the IP address of the primary VAM server.

Backup VAM Server IP Specify the IP address of the backup VAM server.

Username

Specify the username and password for identity authentication of VAM clients.

Make sure the configured password and the confirmed password are the same.

IMPORTANT:

The Username and Password fields must both be configured or both not be configured.

Password

Confirm Password

Pre-Shared Key

Specify the pre-shared key for the VAM client. You must enter the same pre-shared key

to confirm it.

The pre-shared key is used to generate the keys for security of the channels between

the VAM server and a VAM client.

IMPORTANT:

In a VPN domain, all the VAM clients and the VAM server must be configured with the

same pre-shared key.

Confirm Pre-Shared

Key

6. Configure DVPN session parameters as described in 1051HTable 64.

Table 64 Configuration items

Item Descri

tion

Session Idle Time Set the idle timeout for the DVPN Spoke-Spoke tunnel.