R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)
175
[Hub2-vam-client-name-dvpn1hub2] vpn 1
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Hub2-vam-client-name-dvpn1hub2] server primary ip-address 192.168.1.22
[Hub2-vam-client-name-dvpn1hub2] server secondary ip-address 192.168.1.33
[Hub2-vam-client-name-dvpn1hub2] pre-shared-key simple 123
# Create a local user named dvpn1hub2, setting the password as dvpn1hub2.
[Hub2-vam-client-name-dvpn1hub2] user dvpn1hub2 password simple dvpn1hub2
[Hub2-vam-client-name-dvpn1hub2] client enable
[Hub2-vam-client-name-dvpn1hub2] quit
# Create a VAM client named dvpn2hub2 for VPN 2.
[Hub2] vam client name dvpn2hub2
[Hub2-vam-client-name-dvpn2hub2] vpn 2
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Hub2-vam-client-name-dvpn2hub2] server primary ip-address 192.168.1.22
[Hub2-vam-client-name-dvpn2hub2] server secondary ip-address 192.168.1.33
[Hub2-vam-client-name-dvpn2hub2] pre-shared-key simple 456
# Create a local user named dvpn2hub2, setting the password as dvpn2hub2.
[Hub2-vam-client-name-dvpn2hub2] user dvpn2hub2 password simple dvpn2hub2
[Hub2-vam-client-name-dvpn2hub2] client enable
[Hub2-vam-client-name-dvpn2hub2] quit
3. Configure the IPsec profile:
# Configure the IPsec transform set.
[Hub2] ipsec transform-set vam
[Hub2-ipsec-transform-set-vam] encapsulation-mode tunnel
[Hub2-ipsec-transform-set-vam] transform esp
[Hub2-ipsec-transform-set-vam] esp encryption-algorithm des
[Hub2-ipsec-transform-set-vam] esp authentication-algorithm sha1
[Hub2-ipsec-transform-set-vam] quit
# Configure the IKE peer.
[Hub2] ike peer vam
[Hub2-ike-peer-vam] pre-shared-key abcde
[Hub2-ike-peer-vam] quit
# Configure the IPsec profile.
[Hub2] ipsec profile vamp
[Hub2-ipsec-profile-vamp] transform-set vam
[Hub2-ipsec-profile-vamp] ike-peer vam
[Hub2-ipsec-profile-vamp] sa duration time-based 600
[Hub2-ipsec-profile-vamp] pfs dh-group2
[Hub2-ipsec-profile-vamp] quit
4. Configure the DVPN tunnels:
# Configure tunnel interface Tunnel1 for VPN 1. Tunnel 1 uses UDP for encapsulation.
[Hub2] interface tunnel 1
[Hub2-Tunnel1] tunnel-protocol dvpn udp
[Hub2-Tunnel1] vam client dvpn1hub2
[Hub2-Tunnel1] ip address 10.0.1.2 255.255.255.0
[Hub2-Tunnel1] source ethernet 1/1