F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

charge of VAM client authentication and accounting. With each being the backup of the other, the two
hubs perform data forwarding and routing information exchange.
Create a permanent tunnel between each hub-spoke pair.
Figure 346 Network diagram
Device            Interface  IP address       Device   Interface  IP address
Hub 1             GE0/1      192.168.1.1/24   Spoke 1  Eth1/1     192.168.1.3/24
                  Tunnel1    10.0.1.1/24               Eth1/2     10.0.2.1/24
Hub 2             GE0/1      192.168.1.2/24            Tunnel1    10.0.1.3/24
                  Tunnel1    10.0.1.2/24      Spoke 2  Eth1/1     192.168.1.4/24
Primary server    Eth1/1     192.168.1.22/24           Eth1/2     10.0.3.1/24
Secondary server  Eth1/1     192.168.1.33/24           Tunnel1    10.0.1.4/24
AAA server                   192.168.1.11/24
Configuring the primary VAM server
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure AAA:
<PrimaryServer> system-view
# Configure RADIUS scheme radsun.
[PrimaryServer] radius scheme radsun
[PrimaryServer-radius-radsun] primary authentication 192.168.1.11 1812
[PrimaryServer-radius-radsun] primary accounting 192.168.1.11 1813
[PrimaryServer-radius-radsun] key authentication expert
[PrimaryServer-radius-radsun] key accounting expert
[PrimaryServer-radius-radsun] server-type extended
[PrimaryServer-radius-radsun] user-name-format without-domain
[PrimaryServer-radius-radsun] quit
# Configure the AAA methods for the ISP domain domain1.
[Figure 346 labels: Hub 1, Hub 2, Spoke 1 (Site 1), Spoke 2 (Site 2), primary VAM server, secondary VAM server, AAA server, IP network. Legend: VPN 1 hub-to-spoke static tunnel; VPN 1 hub-to-hub static tunnel.]
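As an added example (not part of the HP guide), the following Python check parses the step 2 RADIUS scheme lines as they appear on this page and compares them with the AAA server address from the table and with the 16-octet minimum that RFC 2865 prefers for shared secrets. The names `parse_scheme` and `audit` and the constants are assumptions of this example.

```python
import ipaddress
import re

# RADIUS scheme lines from step 2 on this page (prompts included).
SESSION = """\
[PrimaryServer] radius scheme radsun
[PrimaryServer-radius-radsun] primary authentication 192.168.1.11 1812
[PrimaryServer-radius-radsun] primary accounting 192.168.1.11 1813
[PrimaryServer-radius-radsun] key authentication expert
[PrimaryServer-radius-radsun] key accounting expert
[PrimaryServer-radius-radsun] quit
"""
AAA_SERVER = "192.168.1.11"  # AAA server address from the table on this page
MIN_KEY_LEN = 16             # RFC 2865 prefers secrets of at least 16 octets


def parse_scheme(session):
    """Parse a pasted CLI session; only the command forms shown on the page are handled."""
    scheme = {"servers": {}, "keys": {}}
    for line in session.splitlines():
        cmd = re.sub(r"^[\[<][^\]>]*[\]>]\s*", "", line.strip())  # drop the prompt
        if m := re.fullmatch(r"primary (authentication|accounting) (\S+) (\d+)", cmd):
            scheme["servers"][m[1]] = (ipaddress.ip_address(m[2]), int(m[3]))
        elif m := re.fullmatch(r"key (authentication|accounting) (\S+)", cmd):
            scheme["keys"][m[1]] = m[2]
    return scheme


def audit(scheme, aaa_server=AAA_SERVER, min_key_len=MIN_KEY_LEN):
    """Return findings; an empty list means the scheme passed every check."""
    expected = ipaddress.ip_address(aaa_server)
    findings = []
    for role in ("authentication", "accounting"):
        server = scheme["servers"].get(role)
        if server is None:
            findings.append(f"{role}: no primary server configured")
        elif server[0] != expected:
            findings.append(f"{role}: server {server[0]} is not the AAA server {expected}")
        key = scheme["keys"].get(role)
        if key is None:
            findings.append(f"{role}: no shared key configured")
        elif len(key) < min_key_len:
            findings.append(f"{role}: shared key has {len(key)} characters, fewer than {min_key_len}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_scheme(SESSION)):
        print(finding)
```

Run against the page's own lines, it reports the six-character key `expert` for both authentication and accounting; the server addresses match the table.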