3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Introduction to DVPN
Register
After a client is configured with the proper interface properties and the server
address, and its interfaces are up, the client negotiates with the DVPN server for
algorithm, key, authentication (optional), information registration, policy issuing,
and so on.
Registration is carried out through maps established between the clients and the
servers. A map remains after the client registers and accesses the DVPN domain. It
is removed only when the client exits the DVPN domain. If you remove a map
through which a client registers, the client releases all resources it occupies
(including all sessions it establishes) and returns to the initial state.
Figure 44 shows the registration workflow. Any error during the workflow
aborts the registration and causes the client to return to the initial
state.
Figure 44 DVPN registering workflow
1 The client sends algorithm negotiation request messages to the server.
2 The server sends algorithm negotiation response messages to the client.
3 The client sends key negotiation request messages and server authentication
request messages to the server.
4 The server sends key negotiation response messages, client authentication
messages, and server authentication response messages to the client.
5 The client sends authentication messages to the server.
6 The server sends the authentication result to the client.
7 The client sends register request messages to the server, where all information
about the client is included.
8 The server sends register response messages to the client, where information such
as data encrypting policies, key, and the ID of the DVPN domain is included.
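The workflow above, modelled as a strict eight-step sequence check. This is an added example, not code from the 3Com guide or the switch software; the message labels, the ClientMap class and its method names are hypothetical, and authentication is modelled as always enabled.

```python
from enum import Enum

class State(Enum):
    INITIAL = 0
    REGISTERED = 1

# (sender, message label) in the order of steps 1-8 of Figure 44.
# The labels are hypothetical names, not 3Com wire formats.
WORKFLOW = [
    ("client", "alg_request"),
    ("server", "alg_response"),
    ("client", "key_request+server_auth_request"),
    ("server", "key_response+client_auth+server_auth_response"),
    ("client", "auth"),
    ("server", "auth_result"),
    ("client", "register_request"),
    ("server", "register_response"),
]

class ClientMap:
    """Client-side view of one map between a client and a DVPN server."""

    def __init__(self):
        self.reset()

    def reset(self):
        # Initial state: no progress, no issued policy, no sessions.
        self.state, self.step = State.INITIAL, 0
        self.policy, self.sessions = None, []

    def observe(self, sender, message, payload=None):
        """Advance only if this is exactly the next message in the workflow."""
        if self.state is State.REGISTERED:
            return False  # assumption: handshake messages are ignored once registered
        if (sender, message) != WORKFLOW[self.step]:
            self.reset()  # any error aborts registration
            return False
        self.step += 1
        if self.step == len(WORKFLOW):
            self.policy = payload       # encrypting policies, key, DVPN domain ID
            self.state = State.REGISTERED
            self.sessions = ["server"]  # session to the server opens immediately
        return True

    def remove_map(self):
        # Removing the map releases every resource, including all sessions.
        self.reset()
```

A message that arrives out of order, such as an authentication result before key negotiation, drops the client back to step 1 rather than letting it skip ahead.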
Establishing session
After registering successfully, a client immediately establishes a session with the
DVPN server to transmit its packets using DVPN.