R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis

301

302

303

304

305

306

307

308

309

310

297

A VAM server supports only PAP and CHAP authentication.

To configure the client authentication mode:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter VPN domain view.

vam server vpn vpn-name N/A

3. Specify the client

authentication mode.

authentication-method { none |

{ chap | pap } [ domain

name-string ] }

Optional.

By default, a VAM server performs

CHAP authentication of clients,

using the default domain

configured for the system.

Specifying a hub

On a server, you can configure a hub by specifying its private IP address and public IP address. In a VPN

domain, you can configure up to two hubs, and the total number of spokes and hubs can be 5000 at

most.

The public IP address is optional. When a hub registers, the VAM server gets the public address of the

hub and then send the public-private address mapping to other clients.

If you specify both the private and public addresses of a hub on the server, the server considers a client

a valid hub only when both the public and private addresses that the client registers with the server match

those specified on the server.

To specify a hub:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter VPN domain view.

vam server vpn vpn-name N/A

3. Specify the private IP address

and public IP address of a

hub.

hub private-ip private-ip-address

[ public-ip public-ip-address ]

No hub is specified by default.

Configuring the pre-shared key of the VAM server

The pre-shared key is used to generate the keys for securing the channels between the server and a client.

In the connection initialization process, the pre-shared key is used to generate the initial key for

validating and encrypting connection requests and connection responses. If encryption and

authentication is needed for subsequent packets, the pre-shared key is also used to generate the

connection key for validating and encrypting the subsequent packets.

To configure the pre-shared key of the VAM server:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter VPN domain view.

vam server vpn vpn-name N/A