3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

CHAPTER 13: DVPN
If the packets the server receives are destined for other networks rather than
the local private network, the server forwards the packets and sends next-hop
redirect messages to the source client to inform it about the destination. The
client then sends session setup requests to the peer client to negotiate a
separate session and the IPsec SA (security association). After the session is
established, the two clients can communicate with each other without the server.
When removing a session, the server checks to see if it is coupled with a registered
map. If the map does not exist, the session is removed directly. Otherwise, you
need to remove the coupled map first.
Transmitting data
You can transmit data between entities (clients and servers) after the sessions
between them are established. The data being transmitted is encrypted using
IPsec, with DES as the encryption algorithm and MD5 as the authentication
algorithm.
The encryption method mentioned above is employed by default and requires no
manual configuration.
Basic Network Structure
DVPN adopts a client/server model. Among all the access devices in a DVPN
domain, only one can be the server, and it uses a fixed public IP address; the
others operate as clients. You need to configure information about the server
manually on each client to enable the clients to register with the server. A session
is automatically established between a client and the server after the client
successfully registers with the server. By sending redirect packets, the server can
provide a client with information about other clients, so that sessions can be
established between clients and the DVPN domain can become fully
connected.
When transmitted in a DVPN domain, DVPN packets are encapsulated using UDP;
this applies both to DVPN control packets and to other DVPN packets to be
forwarded. Because UDP packets can traverse NAT gateways, sessions can be
established between DVPN clients even though they use private IP addresses.
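The registration, redirect and session-removal behaviour described in this section can be traced with a small model. This is an added example, not code from the guide or the switch software: the class names, return strings and addresses are hypothetical, and it assumes one registered map per registration, with the session setup and IPsec SA negotiation reduced to a table update.

```python
import ipaddress

class Server:
    def __init__(self, local_net):
        self.local_net = ipaddress.ip_network(local_net)
        self.clients = {}      # name -> Client, filled in by registration
        self.maps = set()      # registered maps (assumed: one per registration)
        self.sessions = set()  # client names with a session to the server

    def register(self, client):
        self.clients[client.name] = client
        self.maps.add(client.name)
        self.sessions.add(client.name)  # session follows successful registration

    def receive(self, src, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        if dst in self.local_net:
            return "server-local"
        for peer in self.clients.values():
            if peer is not src and dst in peer.net:
                src.on_redirect(peer)   # next-hop redirect to the source client
                return "via-server-to-" + peer.name
        return "no-route"

    def remove_session(self, name):
        if name in self.maps:
            return False                # the coupled map must be removed first
        self.sessions.discard(name)
        return True

class Client:
    def __init__(self, name, net):
        self.name, self.net = name, ipaddress.ip_network(net)
        self.peers = {}                 # direct client-to-client sessions

    def on_redirect(self, peer):
        # Stands in for the session setup request and IPsec SA negotiation.
        self.peers[peer.name] = peer
        peer.peers[self.name] = self

    def send(self, server, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        for peer in self.peers.values():
            if dst in peer.net:
                return "direct-to-" + peer.name  # server no longer in the path
        return server.receive(self, dst_ip)

def demo():
    server = Server("10.0.0.0/24")      # constructed sample addressing
    a, b = Client("A", "10.1.0.0/24"), Client("B", "10.2.0.0/24")
    server.register(a); server.register(b)
    first, second = a.send(server, "10.2.0.5"), a.send(server, "10.2.0.5")
    blocked = server.remove_session("A")
    server.maps.discard("A")
    return first, second, blocked, server.remove_session("A")
```

Calling demo() shows the first packet relayed by the server, the second sent directly to the peer, and the session removal refused until the coupled map is gone.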
Figure 45 A simple DVPN network diagram