R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)
368
[Hub3-ipsec-transform-set-abc] encapsulation-mode transport
[Hub3-ipsec-transform-set-abc] esp encryption-algorithm des-cbc
[Hub3-ipsec-transform-set-abc] esp authentication-algorithm sha1
[Hub3-ipsec-transform-set-abc] quit
[Hub3] ipsec profile abc isakmp
[Hub3-ipsec-profile-isakmp-abc] transform-set abc
[Hub3-ipsec-profile-isakmp-abc] ike-profile abc
[Hub3-ipsec-profile-isakmp-abc] quit
4. Configure OSPF to advertise the private networks.
[Hub3] ospf 1
[Hub3-ospf-1] area 0
[Hub3-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[Hub3-ospf-1-area-0.0.0.0] quit
[Hub3-ospf-1] area 2
[Hub3-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[Hub3-ospf-1-area-0.0.0.2] quit
[Hub3-ospf-1] quit
5. Configure the ADVPN tunnel:
# Configure UDP-mode ADVPN tunnel interface tunnel1.
[Hub3] interface tunnel1 mode advpn udp
[Hub3-Tunnel1] ip address 192.168.2.1 255.255.255.0
[Hub3-Tunnel1] vam client Hub3Group1
[Hub3-Tunnel1] ospf network-type broadcast
[Hub3-Tunnel1] source gigabitethernet 1/0/1
[Hub3-Tunnel1] tunnel protection ipsec profile abc
[Hub3-Tunnel1] undo shutdown
[Hub3-Tunnel1] quit
# Configure UDP-mode ADVPN tunnel interface tunnel2.
[Hub3] interface tunnel1 mode advpn udp
[Hub3-Tunnel1] ip address 192.168.0.3 255.255.255.0
[Hub3-Tunnel1] vam client Hub3Group0
[Hub3-Tunnel1] ospf network-type broadcast
[Hub3-Tunnel1] source gigabitethernet 1/0/1
[Hub3-Tunnel1] tunnel protection ipsec profile abc
[Hub3-Tunnel1] undo shutdown
[Hub3-Tunnel1] quit
Configuring Spoke 1
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure the VAM client:
# Create VAM client spoke1.
<Spoke1> system-view
[Spoke1] vam client name Spoke1
# Specify ADVPN domain abc for the VAM client.
[Spoke1-vam-client-Spoke1] advpn-domain abc
# Configure a pre-shared key for the VAM client.
[Spoke1-vam-client-Spoke1] pre-shared-key simple 123456