R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide
Support for dynamic VAM client IP address
Each VAM client registers its public and private addresses with the VAM server and can get the public
address of the peer VAM client from the VAM server, so no tunnel destination address needs to be
configured on either tunnel interface of a tunnel. When the IP address of a VAM client changes, the
client reregisters with the VAM server, so dynamic IP addresses are supported.
AAA identity authentication of VAM clients on the VAM server
After the initialization process completes, a VAM client registers with the VAM server. You can specify
that VAM clients be authenticated during the registration process. VAM supports PAP authentication and CHAP
authentication. The VAM server uses AAA to authenticate clients in the VPN domain. A VAM client must
pass authentication to access the VPN.
Identity authentication of the VAM server and VAM client using the pre-shared key
A VAM client and the VAM server must be configured with the same pre-shared key, from which each side
generates the encryption/integrity verification key. Each side determines whether the pre-shared keys
match by checking the result of packet decryption and integrity verification. In this way the VAM client
authenticates the VAM server, and the VAM server authenticates the VAM client.
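The check described above, as an added illustration that is not HP's code and not the VAM packet format: both sides derive an integrity key from the pre-shared key, and a packet that fails verification shows that the peer holds a different key or that the packet was modified. The HMAC-SHA256 derivation, the function names and the sample message are assumptions; encryption is omitted so the block runs on the Python standard library alone.

```python
import hashlib
import hmac

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def derive_integrity_key(psk: bytes) -> bytes:
    # Assumption: a labelled HMAC stands in for VAM's key generation,
    # which the guide does not describe.
    return hmac.new(psk, b"example-vam-integrity", hashlib.sha256).digest()


def protect(psk: bytes, payload: bytes) -> bytes:
    """Sender side: append an integrity tag computed with the derived key."""
    key = derive_integrity_key(psk)
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify(psk: bytes, packet: bytes):
    """Receiver side: return the payload if the tag verifies, else None.

    A valid tag shows the sender derived its key from the same pre-shared
    key. A mismatch means a different key or a modified packet, so the
    packet is rejected either way.
    """
    if len(packet) < TAG_LEN:
        return None  # too short to carry a tag at all
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    key = derive_integrity_key(psk)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return payload


if __name__ == "__main__":
    server_psk = b"constructed-example-key"  # constructed sample value
    message = b"constructed registration request"  # not a real VAM message
    packet = protect(b"constructed-example-key", message)
    print(verify(server_psk, packet))          # same key: payload returned
    print(verify(b"some-other-key", packet))   # different key: None
    tampered = b"X" + packet[1:]
    print(verify(server_psk, tampered))        # modified in transit: None
```

This check proves possession of the pre-shared key, not which client sent the packet; distinguishing individual clients is the job of the AAA authentication described above.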
Encryption of VAM protocol packets
VAM protocol packets can be encrypted by using AES-128, AES-256, DES, or 3DES.
IPsec protection of data packets
Data packets in a DVPN tunnel can be protected by an IPsec profile, using security protocols ESP, AH, or
AH-ESP (ESP first, and then AH) and negotiating security policies through IKE.
Centralized management of policies
A VAM server manages all policies in a VPN domain centrally.
Support for multiple VPN domains
A VAM server supports multiple VPN domains.
DVPN configuration task list
When configuring DVPN, perform configuration in this order: the VAM server, the hubs, the spokes.
Complete the following tasks to configure DVPN:
Task                                    Remarks
--------------------------------------  ---------
Server side configuration
  Configuring AAA                       Optional.
  Configuring the VAM server            Required.
Client side configuration
  Configuring a VAM client              Required.
  Configuring an IPsec profile          Optional.
  Configuring DVPN tunnel parameters    Required.
  Configuring routing                   Required.