F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
466
Figure 345 Network diagram
Device Interface IP address Device Interface IP address
Hub 1 GE0
/
1 192.168.1.1
/
24
Spoke 1
Eth1/1
192.168.1.3
/
24
Tunnel1 10.0.1.1/24
Eth1/2
10.0.3.1/24
Tunnel2 10.0.2.1/24 Tunnel1 10.0.1.3/24
Hub 2 GE0
/
1 192.168.1.2
/
24
Spoke 2
Eth1/1
192.168.1.4
/
24
Tunnel1 10.0.1.2/24
Eth1/2
10.0.4.1/24
Tunnel2 10.0.2.2/24 Eth1/3 10.0.6.1/24
Spoke 3 Eth1/1 192.168.1.5
/
24
Tunnel1 10.0.1.4
/
24
Eth1/2 10.0.5.1/24
Tunnel2 10.0.2.4
/
24
Tunnel2 10.0.2.3/24 Primary server Eth1/1 192.168.1.22/24
A
AA server 192.168.1.11
/
24
Secondary
server
Eth1
/
1
192.168.1.33/
/
24
651BConfiguring the primary VAM server
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure AAA:
<PrimaryServer> system-view
# Configure RADIUS scheme radsun.
[PrimaryServer] radius scheme radsun
[PrimaryServer-radius-radsun] primary authentication 192.168.1.11 1812
[PrimaryServer-radius-radsun] primary accounting 192.168.1.11 1813
[PrimaryServer-radius-radsun] key authentication expert
[PrimaryServer-radius-radsun] key accounting expert
[PrimaryServer-radius-radsun] server-type extended
[PrimaryServer-radius-radsun] user-name-format without-domain
[PrimaryServer-radius-radsun] quit
# Configure the AAA methods for the ISP domain domain1.
[PrimaryServer] domain domain1