Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
451452453454455456457458459460
443
When the routing protocol is BGP, configure IBGP between the hubs and spokes and configure the
hubs as the route reflectors in a full mesh network; configure EBGP between the hubs and spokes in
a hub-spoke network.
For more information about OSPF and BGP configuration, see Network Management Configuration
Guide.
Displaying and maintaining DVPN
Task Command
Remarks
Display address mapping
information about VAM clients
registered with the VAM server.
display vam server address-map { all | vpn
vpn-name [ private-ip private-ip ] } [ | { begin |
exclude | include } regular-expression ]
Available in any view
Display statistics about VAM
clients registered with the VAM
server.
display vam server statistic { all | vpn
vpn-name } [ | { begin | exclude | include }
regular-expression ]
Available in any view
Display registration information
about VAM clients.
display vam client { address-map | fsm }
[ client-name ] [ | { begin | exclude | include }
regular-expression ]
Available in any view
Display information about DVPN
tunnels.
display dvpn session { all | interface
interface-type interface-number [ private-ip
ip-address ] } [ | { begin | exclude | include }
regular-expression ]
Available in any view
Display information about a
specified or all IPsec profiles.
display ipsec profile [ name profile-name ] [ |
{ begin | exclude | include }
regular-expression ]
Available in any view
Remove DVPN tunnels.
reset dvpn session { all | interface
interface-type interface-number [ private-ip
ip-address ] }
Available in user view
NOTE:
For information about command display ipsec profile, see
VPN Command Reference
.
Full mesh DVPN configuration example
Network requirements
In the full mesh network shown in Figure 328, the primary VAM server (main) and the secondary
VAM server (backup) manage and maintain information about the nodes. The AAA server takes
charge of VAM client authentication and accounting. With each being the backup of the other, the
two hubs perform data forwarding and routing information exchange.
A permanent tunnel is established between each hub-spoke pair.
Spokes in the same VPN exchange data through dynamically established tunnels between them.