R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis

321

322

323

324

325

326

327

328

329

330

308

[PrimaryServer-vam-server-vpn-2] hub private-ip 10.0.2.1

[PrimaryServer-vam-server-vpn-2] hub private-ip 10.0.2.2

[PrimaryServer-vam-server-vpn-1] quit

# Enable VAM server for all VPNs.

[PrimaryServer] vam server enable all

Configuring the secondary VAM server

Except for the listening IP address configuration, the configurations for the secondary VAM server are the

same as those for the primary VAM server. (Details not shown.)

Configuring Hub 1

1. Configure IP addresses for the interfaces. (Details not shown.)

2. Configure the VAM clients:

<Hub1> system-view

# Create a VAM client named dvpn1hub1 for VPN 1.

[Hub1] vam client name dvpn1hub1

[Hub1-vam-client-name-dvpn1hub1] vpn 1

# Specify the IP addresses of the VAM servers and set the pre-shared key.

[Hub1-vam-client-name-dvpn1hub1] server primary ip-address 192.168.1.22

[Hub1-vam-client-name-dvpn1hub1] server secondary ip-address 192.168.1.33

[Hub1-vam-client-name-dvpn1hub1] pre-shared-key simple 123

# Create a local user named dvpn1hub1, setting the password as dvpn1hub1.

[Hub1-vam-client-name-dvpn1hub1] user dvpn1hub1 password simple dvpn1hub1

[Hub1-vam-client-name-dvpn1hub1] client enable

[Hub1-vam-client-name-dvpn1hub1] quit

# Create a VAM client named dvpn2hub1 for VPN 2.

[Hub1] vam client name dvpn2hub1

[Hub1-vam-client-name-dvpn2hub1] vpn 2

# Specify the IP addresses of the VAM servers and set the pre-shared key.

[Hub1-vam-client-name-dvpn2hub1] server primary ip-address 192.168.1.22

[Hub1-vam-client-name-dvpn2hub1] server secondary ip-address 192.168.1.33

[Hub1-vam-client-name-dvpn2hub1] pre-shared-key simple 456

# Create a local user named dvpn2hub1, setting the password as dvpn2hub1.

[Hub1-vam-client-name-dvpn2hub1] user dvpn2hub1 password simple dvpn2hub1

[Hub1-vam-client-name-dvpn2hub1] client enable

[Hub1-vam-client-name-dvpn2hub1] quit

3. Configure the IPsec profile:

# Configure the IPsec transform set.

[Hub1] ipsec transform-set vam

[Hub1-ipsec-transform-set-vam] encapsulation-mode tunnel

[Hub1-ipsec-transform-set-vam] transform esp

[Hub1-ipsec-transform-set-vam] esp encryption-algorithm des

[Hub1-ipsec-transform-set-vam] esp authentication-algorithm sha1

[Hub1-ipsec-transform-set-vam] quit

# Configure the IKE peer.

[Hub1] ike peer vam