R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
434
Task Remarks
Configuring the security parameters of VAM protocol packets Optional
Specifying the client authentication mode Optional
Specifying hub IP addresses Required
Configuring the pre-shared key of the VAM server Required
Configuring keepalive parameters Optional
Creating a VPN domain
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a VPN domain and
enter VPN domain view.
vam server vpn vpn-name No VPN domain exists by default.
Enabling VAM server
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Enable VAM server.
• (Approach 1) Enable VAM server for one or all VPN
domains:
vam server enable { all | vpn vpn-name }
• (Approach 2) Enable VAM server for a VPN domain:
a. vam server vpn vpn-name
b. server enable
Use either
approach.
By default, VAM
server is disabled.
Configuring the listening IP address and UDP port number
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Configure the listening IP
address and UDP port number
of the server.
vam server ip-address ip-address
[ port port-number ]
Not configured by default
NOTE:
If you do not specify a listening IP address and port number on a VAM server, the VAM server listens to all
packets whose destination IP address is a local interface IP address and destination port number is 18000.
Configuring the security parameters of VAM protocol packets
Based on the packet integrity authentication algorithm and encryption algorithm configuration, a VAM
server negotiates with a client to determine the protocol packets’ integrity authentication and encryption
algorithms to be used between them.
To configure VAM protocol packet security parameters: