R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)
180
[Spoke3] ipsec transform-set vam
[Spoke3-ipsec-transform-set-vam] encapsulation-mode tunnel
[Spoke3-ipsec-transform-set-vam] transform esp
[Spoke3-ipsec-transform-set-vam] esp encryption-algorithm des
[Spoke3-ipsec-transform-set-vam] esp authentication-algorithm sha1
[Spoke3-ipsec-transform-set-vam] quit
# Configure the IKE peer.
[Spoke3] ike peer vam
[Spoke3-ike-peer-vam] pre-shared-key abcde
[Spoke3-ike-peer-vam] quit
# Configure the IPsec profile.
[Spoke3] ipsec profile vamp
[Spoke3-ipsec-profile-vamp] transform-set vam
[Spoke3-ipsec-profile-vamp] ike-peer vam
[Spoke3-ipsec-profile-vamp] sa duration time-based 600
[Spoke3-ipsec-profile-vamp] pfs dh-group2
[Spoke3-ipsec-profile-vamp] quit
4. Configure the DVPN tunnel:
# Configure tunnel interface Tunnel 2 for VPN 2. Tunnel 2 uses GRE for encapsulation.
[Spoke3] interface tunnel 2
[Spoke3-Tunnel2] tunnel-protocol dvpn gre
[Spoke3-Tunnel2] vam client dvpn2spoke3
[Spoke3-Tunnel2] ip address 10.0.2.3 255.255.255.0
[Spoke3-Tunnel2] source ethernet 1/1
[Spoke3-Tunnel2] ospf network-type broadcast
[Spoke3-Tunnel2] ospf dr-priority 0
[Spoke3-Tunnel2] ipsec profile vamp
[Spoke3-Tunnel2] quit
5. Configure OSPF:
# Configure OSPF for the public network.
[Spoke3] ospf 100
[Spoke3-ospf-100] area 0
[Spoke3-ospf-100-area-0.0.0.0] network 192.168.1.5 0.0.0.255
[Spoke3-ospf-100-area-0.0.0.0] quit
# Configure OSPF for the private network.
[Spoke3] ospf 200
[Spoke3-ospf-200] area 0
[Spoke3-ospf-200-area-0.0.0.0] network 10.0.2.3 0.0.0.255
[Spoke3-ospf-200-area-0.0.0.0] network 10.0.5.1 0.0.0.255
Verifying the configuration
# Display the address mapping information of all VAM clients registered with the primary VAM server.
[PrimaryServer] display vam server address-map all
VPN name: 1
Total address-map number: 4
Private-ip Public-ip Type Holding time