R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis

331

332

333

334

335

336

337

338

339

340

325

[Spoke1-vam-client-name-dvpn1spoke1] pre-shared-key simple 123

# Create a local user named dvpn1spoke1, setting the password as dvpn1spoke1.

[Spoke1-vam-client-name-dvpn1spoke1] user dvpn1spoke1 password simple dvpn1spoke1

[Spoke1-vam-client-name-dvpn1spoke1] client enable

[Spoke1-vam-client-name-dvpn1spoke1] quit

3. Configure the IPsec profile:

# Configure the IPsec transform set.

[Spoke1] ipsec transform-set vam

[Spoke1-ipsec-transform-set-vam] encapsulation-mode tunnel

[Spoke1-ipsec-transform-set-vam] transform esp

[Spoke1-ipsec-transform-set-vam] esp encryption-algorithm des

[Spoke1-ipsec-transform-set-vam] esp authentication-algorithm sha1

[Spoke1-ipsec-transform-set-vam] quit

# Configure the IKE peer.

[Spoke1] ike peer vam

[Spoke1-ike-peer-vam] pre-shared-key abcde

[Spoke1-ike-peer-vam] quit

# Configure the IPsec profile.

[Spoke1] ipsec profile vamp

[Spoke1-ipsec-profile-vamp] transform-set vam

[Spoke1-ipsec-profile-vamp] ike-peer vam

[Spoke1-ipsec-profile-vamp] sa duration time-based 600

[Spoke1-ipsec-profile-vamp] pfs dh-group2

[Spoke1-ipsec-profile-vamp] quit

4. Configure the DVPN tunnel:

# Configure tunnel interface Tunnel 1 for VPN 1.

To use UDP for tunnel encapsulation, perform the following configurations:

[Spoke1] interface tunnel 1

[Spoke1-Tunnel1] tunnel-protocol dvpn udp

[Spoke1-Tunnel1] vam client dvpn1spoke1

[Spoke1-Tunnel1] ip address 10.0.1.3 255.255.255.0

[Spoke1-Tunnel1] source gigabitethernet 3/0/1

[Spoke1-Tunnel1] ospf network-type p2mp

[Spoke1-Tunnel1] ospf dr-priority 0

[Spoke1-Tunnel1] ipsec profile vamp

[Spoke1-Tunnel1] quit

To use GRE for tunnel encapsulation, perform the following configurations: