R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)
372
[Spoke3] ipsec profile abc isakmp
[Spoke3-ipsec-profile-isakmp-abc] transform-set abc
[Spoke3-ipsec-profile-isakmp-abc] ike-profile abc
[Spoke3-ipsec-profile-isakmp-abc] quit
4. Configure OSPF to advertise the private networks.
[Spoke3] ospf 1
[Spoke3-ospf-1] area 2
[Spoke3-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[Spoke3-ospf-1-area-0.0.0.2] network 192.168.40.0 0.0.0.255
[Spoke3-ospf-1-area-0.0.0.2] quit
[Spoke3-ospf-1] quit
5. Configure UDP-mode ADVPN tunnel interface tunnel1. Configure its DR priority as 0 so Spoke3
will not participate in DR/BDR election.
[Spoke3] interface tunnel 1 mode advpn udp
[Spoke3-Tunnel1] ip address 192.168.2.2 255.255.255.0
[Spoke3-Tunnel1] vam client Spoke3
[Spoke3-Tunnel1] ospf network-type broadcast
[Spoke3-Tunnel1] ospf dr-priority 0
[Spoke3-Tunnel1] advpn network 192.168.40.0 255.255.255.0
[Spoke3-Tunnel1] source gigabitethernet 1/0/1
[Spoke3-Tunnel1] tunnel protection ipsec profile abc
[Spoke3-Tunnel1] undo shutdown
[Spoke3-Tunnel1] quit
Configuring Spoke 4
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure the VAM client:
# Create VAM client spoke4.
<Spoke4> system-view
[Spoke4] vam client name Spoke4
# Specify ADVPN domain abc for the VAM client.
[Spoke4-vam-client-Spoke4] advpn-domain abc
# Configure a pre-shared key for the VAM client.
[Spoke4-vam-client-Spoke4] pre-shared-key simple 123456
# Set the username and password to spoke4.
[Spoke4-vam-client-Spoke4] user spoke4 password simple spoke4
# Specify the primary and secondary VAM servers.
[Spoke4-vam-client-Spoke4] server primary ip-address 1.0.0.11
[Spoke4-vam-client-Spoke4] server secondary ip-address 1.0.0.12
# Enable the VAM client.
[Spoke4-vam-client-Spoke4] client enable
[Spoke4-vam-client-Spoke4] quit
3. Configure the IPsec profile:
# Configure IKE.
[Spoke4] ike keychain abc
[Spoke4-ike-keychain-abc] pre-shared-key address 0.0.0.0 0.0.0.0 key simple 123456