3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
222 CHAPTER 13: DVPN
The default timeout for renegotiating a specified IPsec SA is 3600 seconds.
Displaying and Debugging DVPN
Execute the display command in any view to display how DVPN operates.
Execute the reset command in user view to clear sessions, maps, statistics
information, or initiate a DVPN domain.
Execute the debugging command in user view to debug DVPN.
Note: If you want to use a new policy after changing the DVPN policy, you must
reboot the switch or the Tunnel interface. The reset command does not put the
new policy into effect.
DVPN Configuration Example
Network requirements
As Figure 46 shows, Branch A and Branch B establish DVPN connections with the
headquarters respectively. Detailed requirements are as follows:
■ Use the default algorithm suite (algorithm suite 1) for registration and
sessions, that is, use DES for encryption, MD5 for authentication, and
DH-GROUP1 for key negotiation.
■ Data is IPsec-encrypted for security using algorithm suite 6. That is, use 3DES
for encryption, MD5 for authentication, and DH-GROUP2 for key negotiation.
Table 245 Configure the timeout for renegotiating a specified IPsec SA

Operation: Configure the timeout for renegotiating a specified IPsec SA
Command:   data ipsec-sa duration time-based time-interval

Operation: Revert to the default timeout for renegotiating a specified IPsec SA
Command:   undo data ipsec-sa duration time-based
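
Added example, not part of the 3Com guide: a check of how the time-based IPsec SA lifetime interacts with the 64-bit block size of DES and 3DES, the ciphers in algorithm suites 1 and 6. It assumes CBC-mode encryption, sustained traffic through a single SA, and constructed traffic rates and target probability; the function names are hypothetical.

```python
import math

# Block sizes in bits for the ciphers named on this page (block size, not key size).
BLOCK_BITS = {"DES": 64, "3DES": 64}

def collision_probability(block_bits, rate_bps, seconds):
    """Birthday approximation: chance that two ciphertext blocks under one
    SA key collide after `seconds` of sustained traffic at `rate_bps`."""
    blocks = rate_bps * seconds / block_bits
    exponent = blocks * blocks / 2.0 ** (block_bits + 1)
    return -math.expm1(-exponent)  # 1 - e^(-n^2 / 2^(b+1))

def max_time_interval(cipher, rate_bps, target=2.0 ** -20):
    """Longest time-based SA lifetime (whole seconds) that keeps the collision
    probability at or below `target`; 0 means no whole-second value does."""
    bits = BLOCK_BITS[cipher]
    blocks = math.sqrt(2.0 * target) * 2.0 ** (bits / 2)
    return int(blocks * bits / rate_bps)

def audit(cipher, default_lifetime=3600,
          rates_bps=(10_000_000, 100_000_000, 1_000_000_000)):
    """Compare the 3600 s default against each constructed traffic rate."""
    rows = []
    for rate in rates_bps:
        p = collision_probability(BLOCK_BITS[cipher], rate, default_lifetime)
        rows.append((rate, p, max_time_interval(cipher, rate)))
    return rows

if __name__ == "__main__":
    for rate, p, limit in audit("3DES"):
        print(f"{rate / 1e6:>6.0f} Mbit/s  P(collision in 3600 s) = {p:.4f}  "
              f"lifetime for P <= 2^-20: {limit} s")
```

A time-based lifetime bounds the data encrypted under one key only indirectly, so the same time-interval value gives very different margins at different traffic rates.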
Table 246 Display and debug DVPN

Operation: Enable/Disable debugging for DVPN
Command:   [undo] debugging dvpn { all | error | event { all | register | session | misc } | hexadecimal | packet { all | control | data | ipsec } }

Operation: Display global information about DVPN in a system or information about a DVPN domain
Command:   display dvpn info { dvpn-id dvpn-id | global }

Operation: Display information about maps in a DVPN domain
Command:   display dvpn map { all | dvpn-id dvpn-id | public-ip public-ip }

Operation: Display information about sessions in a DVPN domain
Command:   display dvpn session { all | dvpn-id dvpn-id [ private-ip private-ip ] }

Operation: Display information about IPsec SAs in a DVPN domain
Command:   display dvpn ipsec-sa { all | dvpn-id dvpn-id [ private-ip private-ip ] }

Operation: Display information about online DVPN users
Command:   display dvpn online-user

Operation: Initiate a DVPN domain
Command:   reset dvpn all dvpn-id

Operation: Clear a specified map
Command:   reset dvpn map public-ip port [ control-id ]

Operation: Clear a specified session
Command:   reset dvpn session dvpn-id private-ip

Operation: Clear DVPN statistics information
Command:   reset dvpn statistics