R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)

156

Figure 69 Hub-spoke DVPN

DVPN implementation

DVPN operates in three phases: connection initialization, registration, and tunnel establishment.

Connection initialization phase

When a client accesses the server for the first time, connection initialization is performed. During the

initialization procedure, the two parties negotiate whether VAM protocol packets should be secured. If so,

they negotiate the packet encryption and integrity verification algorithms, generate the keys, and

acknowledge the negotiated result.

Figure 70 Initialization process

As shown in Figure 70, a client and server take the following steps to initialize the connection:

1. The client sends the server a connection request, which carries the supported encryption and

integrity verification algorithms.

2. Upon receiving the connection request, the server begins to negotiate the algorithms to be used

with the client.

The server first compares the algorithm of the highest priority on its own algorithm list against the

algorithm list of the client. If a match is found, the algorithm is used. If not, the server compares its