R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide
291
Figure 125 Hub-spoke DVPN
DVPN implementation
DVPN works in three phases: connection initialization, registration, and tunnel establishment.
Connection initialization phase
When a client accesses the server for the first time, connection initialization is performed. During the
initialization procedure, the two parties negotiate whether VAM protocol packets should be secured. If so,
they negotiate the packet encryption and integrity verification algorithms, generate the keys, and
acknowledge the negotiated result.
Figure 126 Initialization process
As shown in Figure 126, a client and server take the following steps to initialize the connection:
1. The client sends the server a connection request, which carries the supported encryption and
integrity verification algorithms.
2. Upon receiving the connection request, the server begins to negotiate the algorithms to be used
with the client.
The server first compares the algorithm of the highest priority on its own algorithm list against the
algorithm list of the client. If a match is found, the algorithm is used. If not, the server compares its