R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)
187
Configuring the secondary VAM server
Except for the listening IP address configuration, the configurations for the secondary VAM server are the
same as those for the primary VAM server. (Details not shown.)
Configuring Hub 1
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure the VAM client:
<Hub1> system-view
# Create a VAM client named dvpn1hub1 for VPN 1.
[Hub1] vam client name dvpn1hub1
[Hub1-vam-client-name-dvpn1hub1] vpn 1
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Hub1-vam-client-name-dvpn1hub1] server primary ip-address 192.168.1.22
[Hub1-vam-client-name-dvpn1hub1] server secondary ip-address 192.168.1.33
[Hub1-vam-client-name-dvpn1hub1] pre-shared-key simple 123
# Create a local user named dvpn1hub1, setting the password as dvpn1hub1.
[Hub1-vam-client-name-dvpn1hub1] user dvpn1hub1 password simple dvpn1hub1
[Hub1-vam-client-name-dvpn1hub1] client enable
[Hub1-vam-client-name-dvpn1hub1] quit
3. Configure the IPsec profile:
# Configure the IPsec transform set.
[Hub1] ipsec transform-set vam
[Hub1-ipsec-transform-set-vam] encapsulation-mode tunnel
[Hub1-ipsec-transform-set-vam] transform esp
[Hub1-ipsec-transform-set-vam] esp encryption-algorithm des
[Hub1-ipsec-transform-set-vam] esp authentication-algorithm sha1
[Hub1-ipsec-transform-set-vam] quit
# Configure the IKE peer.
[Hub1] ike peer vam
[Hub1-ike-peer-vam] pre-shared-key abcde
[Hub1-ike-peer-vam] quit
# Configure the IPsec profile.
[Hub1] ipsec profile vamp
[Hub1-ipsec-profile-vamp] transform-set vam
[Hub1-ipsec-profile-vamp] ike-peer vam
[Hub1-ipsec-profile-vamp] sa duration time-based 600
[Hub1-ipsec-profile-vamp] pfs dh-group2
[Hub1-ipsec-profile-vamp] quit
4. Configure DVPN tunnels:
# Configure tunnel interface Tunnel 1 for VPN 1.
To use UDP for tunnel encapsulation, perform the following configurations:
[Hub1] interface tunnel 1
[Hub1-Tunnel1] tunnel-protocol dvpn udp
[Hub1-Tunnel1] vam client dvpn1hub1
[Hub1-Tunnel1] ip address 10.0.1.1 255.255.255.0
[Hub1-Tunnel1] source ethernet 1/1