R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide
324
[Hub2-ipsec-profile-vamp] transform-set vam
[Hub2-ipsec-profile-vamp] ike-peer vam
[Hub2-ipsec-profile-vamp] sa duration time-based 600
[Hub2-ipsec-profile-vamp] pfs dh-group2
[Hub2-ipsec-profile-vamp] quit
4. Configure the DVPN tunnel:
# Configure tunnel interface Tunnel 1 for VPN 1.
To use UDP for tunnel encapsulation, perform the following configurations:
[Hub2] interface tunnel 1
[Hub2-Tunnel1] tunnel-protocol dvpn udp
[Hub2-Tunnel1] vam client dvpn1hub2
[Hub2-Tunnel1] ip address 10.0.1.2 255.255.255.0
[Hub2-Tunnel1] source gigabitethernet 3/0/1
[Hub2-Tunnel1] ospf network-type p2mp
[Hub2-Tunnel1] ipsec profile vamp
[Hub2-Tunnel1] quit
To use GRE for tunnel encapsulation, perform the following configurations:
[Hub2] interface tunnel 1
[Hub2-Tunnel1] tunnel-protocol dvpn gre
[Hub2-Tunnel1] vam client dvpn1hub2
[Hub2-Tunnel1] ip address 10.0.1.2 255.255.255.0
[Hub2-Tunnel1] source gigabitethernet 3/0/1
[Hub2-Tunnel1] ospf network-type p2mp
[Hub2-Tunnel1] ipsec profile vamp
[Hub2-Tunnel1] quit
5. Configure OSPF:
# Configure OSPF for the public network.
[Hub2] ospf 100
[Hub2-ospf-100] area 0
[Hub2-ospf-100-area-0.0.0.0] network 192.168.1.2 0.0.0.255
[Hub2-ospf-100-area-0.0.0.0] quit
# Configure OSPF for the private network.
[Hub2] ospf 200
[Hub2-ospf-200] area 0
[Hub2-ospf-200-area-0.0.0.0] network 10.0.1.2 0.0.0.255
Configuring Spoke 1
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure the VAM client:
<Spoke1> system-view
# Create a VAM client named dvpn1spoke1 for VPN 1.
[Spoke1] vam client name dvpn1spoke1
[Spoke1-vam-client-name-dvpn1spoke1] vpn 1
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Spoke1-vam-client-name-dvpn1spoke1] server primary ip-address 192.168.1.22
[Spoke1-vam-client-name-dvpn1spoke1] server secondary ip-address 192.168.1.33