R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide
306
Task Command Remarks
Display information about a
specific or all IPsec profiles.
display ipsec profile [ name
profile-name ] [ | { begin | exclude
| include } regular-expression ]
A
vailable in any view.
Remove DVPN tunnels.
reset dvpn session { all | interface
interface-type interface-number
[ private-ip ip-address ] }
A
vailable in user view.
For more information about command display ipsec profile, see Security Command Reference.
Full mesh DVPN configuration example
Network requirements
In the full mesh network shown in Figure 129, the primary VAM server and the secondary VAM server
manage and maintain information about the nodes. The AAA server takes charge of VAM client
authentication and accounting. With each being the backup of the other, the two hubs perform data
forwarding and routing information exchange.
Create a permanent tunnel between each hub-spoke pair.
Spokes in the same VPN exchange data through dynamically established tunnels between them.
Figure 129 Network diagram
Device Interface IP address
Device
Interface IP address
Hub 1 GE3/0
/
1 192.168.1.1
/
24
Spoke 1
GE3/0
/
1 192.168.1.3
/
24
Tunnel1 10.0.1.1/24 GE3/0/2 10.0.3.1/24
Tunnel2 10.0.2.1
/
24
Tunnel1 10.0.1.3
/
24
Hub 2 GE3/0
/
1 192.168.1.2
/
24
Spoke 2
GE3/0
/
1 192.168.1.4
/
24
Tunnel1 10.0.1.2/24 GE3/0/2 10.0.4.1/24
Tunnel2 10.0.2.2
/
24
GE3/0/3 10.0.6.1/24
Hub 1 Hub 2
Spoke 1 Spoke 3
Site 1 Site 4
Spoke 2
Site 2
IP network
VPN 1 Hub-to-Spoke static tunnel
VPN 2 Hub-to-Spoke static tunnel
Spoke-to-Spoke dynamic tunnel
Primary VAM server
Secondary VAM server
GE3/0/1
GE3/0/1
GE3/0/1
GE3/0/1
GE3/0/1
Tunnel1
Tunnel2
Tunnel1
Tunnel2
Tunnel1
Tunnel1
Tunnel2
Tunnel2
GE3/0/1
GE3/0/1
AAA server
GE3/0/2
GE3/0/2
GE3/0/2
VPN 1 and VPN 2 Hub-to-Hub
static tunnel
Site 3
GE3/0/3