R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
414
Figure 308 Network diagram
Device Interface IP address Device Interface IP address
Hub 1 GE0
/
1 192.168.1.1
/
24
Spoke 1
GE0
/
1
192.168.1.3
/
24
Tunnel1 10.0.1.1/24
GE0/2
10.0.3.1/24
Tunnel2 10.0.2.1/24 Tunnel1 10.0.1.3/24
Hub 2 GE0
/
1 192.168.1.2
/
24
Spoke 2
GE0
/
1
192.168.1.4
/
24
Tunnel1 10.0.1.2/24
GE0/2
10.0.4.1/24
Tunnel2 10.0.2.2/24 GE0/3 10.0.6.1/24
Spoke 3 GE0
/
1 192.168.1.5
/
24
Tunnel1 10.0.1.4
/
24
GE0/2 10.0.5.1/24
Tunnel2 10.0.2.4
/
24
Tunnel2 10.0.2.3/24 Main server GE0/1 192.168.1.22/24
RADIUS server
192.168.1.11
/
24
Backup server
GE0
/
1
192.168.1.33
/
24
Configuring the main VAM server
1. Configure IP addresses for the interfaces. (Details not shown)
2. Configure RADIUS scheme system:
a. From the navigation tree, select User > RADIUS, and then click Add.
Hub 1 Hub 2
Spoke 1 Spoke 3
Site 1 Site 4
Spoke 2
Site 2
IP network
VPN 1 Hub-to-Spoke static tunnel
VPN 2 Hub-to-Spoke static tunnel
Spoke-to-Spoke dynamic tunnel
Main VAM server
Backup VAM server
GE0/1
GE0/1
GE0/1
GE0/1
GE0/1
Tunnel1
Tunnel2
Tunnel1
Tunnel2
Tunnel1
Tunnel1
Tunnel2
Tunnel2
GE0/1
GE0/1
RADIUS server
GE0/2
GE0/2
GE0/2
VPN 1 and VPN 2 Hub-to-Hub
static tunnel
Site 3
GE0/3