R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

Table 60 Recommended configuration procedure

| Step | Remarks |
|---|---|
| Configuring the DVPN server | |
| 1. Configuring local users or RADIUS authentication | Optional. The DVPN server can authenticate the identities of clients that try to access the VPN domain. Only clients that pass the identity authentication can connect to the VPN domain. The DVPN server supports local authentication and RADIUS authentication. For information about local user configuration, see Getting Started Guide. For more information about RADIUS, see Access Control Configuration Guide. |
| 2. Configuring a VPN domain | Required. Configure a VPN domain and configure the relevant policies, such as the VAM protocol packet protection and client authentication modes. |
| Configuring the DVPN client | |
| 3. Configuring DVPN tunnels | Required. Configure a tunnel interface, and configure DVPN-related parameters, such as the VAM client, the IPsec parameters, and the tunnel parameters. |
| 4. Configuring routing | Required. To establish private networks across the public network by using DVPN, you must perform routing configuration for devices in the private networks. In a DVPN, route-related operations, such as neighbor discovery, route updating, and routing table establishment, are done over DVPN tunnels. Routing information is exchanged between Hubs or between Hubs and Spokes; it is not exchanged between Spokes. DVPN clients support the routing protocols OSPF and BGP. When the routing protocol is OSPF, set the network type of an OSPF interface to broadcast in a full mesh network or P2MP in a Hub-Spoke network. Make sure that the DR priority of a Hub is higher than that of a Spoke. HP recommends that you set the DR priority of a Spoke to 0 to keep the Spoke from participating in DR/BDR election. For information about OSPF configuration, see Network Management Configuration Guide. When the routing protocol is BGP, configure IBGP between the Hubs and Spokes and configure the Hubs as the route reflectors in a full mesh network, or configure EBGP between the Hubs and Spokes in a Hub-Spoke network. For information about BGP configuration, see Network Management Configuration Guide. |

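
As an added example (not from the HP guide), the routing rules in step 4 can be checked against a planned design before deployment. The topology labels, field names, and sample inventory are assumptions made for illustration, not device syntax.

```python
# Added example: lint a planned DVPN routing design against the rules in step 4.
# Role names, field names and the sample inventory are constructed, not device syntax.

def check_dvpn_routing(topology, protocol, nodes):
    """Return findings for a plan; an empty list means it follows the guide."""
    findings = []
    hubs = [n for n in nodes if n["role"] == "hub"]
    spokes = [n for n in nodes if n["role"] == "spoke"]
    if not hubs:
        # Routes are exchanged Hub-Hub or Hub-Spoke, never Spoke-Spoke.
        findings.append("no Hub: Spokes do not exchange routes with each other")
    if protocol == "ospf":
        want = "broadcast" if topology == "full-mesh" else "p2mp"
        for n in nodes:
            if n["ospf_network_type"] != want:
                findings.append(f"{n['name']}: network type must be {want}")
        lowest_hub = min((h["dr_priority"] for h in hubs), default=None)
        for s in spokes:
            if lowest_hub is not None and s["dr_priority"] >= lowest_hub:
                findings.append(f"{s['name']}: DR priority not below every Hub")
            elif s["dr_priority"] != 0:
                findings.append(f"{s['name']}: DR priority 0 is recommended")
    elif protocol == "bgp":
        want = "ibgp" if topology == "full-mesh" else "ebgp"
        for s in spokes:
            if s["bgp_session"] != want:
                findings.append(f"{s['name']}: use {want} toward the Hubs")
        if topology == "full-mesh":
            for h in hubs:
                if not h.get("route_reflector"):
                    findings.append(f"{h['name']}: Hub must be a route reflector")
    else:
        findings.append(f"unsupported routing protocol: {protocol}")
    return findings

# Constructed sample plan: full mesh over OSPF with one misconfigured Spoke.
SAMPLE = [
    {"name": "hub1", "role": "hub", "ospf_network_type": "broadcast", "dr_priority": 100},
    {"name": "spoke1", "role": "spoke", "ospf_network_type": "broadcast", "dr_priority": 0},
    {"name": "spoke2", "role": "spoke", "ospf_network_type": "p2mp", "dr_priority": 100},
]

if __name__ == "__main__":
    for finding in check_dvpn_routing("full-mesh", "ospf", SAMPLE):
        print(finding)
```
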
After the configuration, you can view the DVPN information on the DVPN server or client.
Table 61 Displaying and maintaining DVPN

| Task | Remarks |
|---|---|
| Displaying VAM client information | View information about registered clients on the DVPN server |
| Displaying DVPN session information | View DVPN tunnel information on a DVPN client |