HP VPN Firewall Appliances VPN Configuration Guide

Configuring DVPN
The term "router" in this document refers to both routers and routing-capable firewalls and firewall
modules.
Feature and hardware compatibility
Hardware                         DVPN compatible
F1000-A-EI/F1000-S-EI            No
F1000-E                          Yes
F5000                            Yes
F5000-S/F5000-C                  Yes
VPN firewall modules             Yes
20-Gbps VPN firewall modules     No
Overview
DVPN enables enterprise branches that use dynamic public addresses to establish a VPN network. It uses
the VPN Address Management (VAM) protocol to collect, maintain, and distribute dynamic public
addresses.
In DVPN, a collection of nodes connected to the public network forms a VPN. From the perspective of
DVPN, the public network is the link layer of the VPN, and the tunnels between VPN nodes constitute the
network layer. Branch devices dynamically access the public network. DVPN obtains the public IP
addresses of peers through VAM so that secure internal tunnels can be set up conveniently.
When a DVPN device forwards a packet from one user subnet to another, it performs these operations:
1. Gets the next hop on the private network through a routing protocol.
2. Gets the public network address of the next hop through the VAM protocol.
3. Encapsulates the packet, using the public address as the destination address of the tunnel.
4. Sends the packet along the tunnel to the destination.
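The four operations above can be followed in a small model. This is an added example, not code from the guide or from any HP product; the addresses, the ROUTES and VAM_MAP tables, and the function names are constructed for illustration, and the handling of a next hop with no known public address is an assumption.

```python
import ipaddress

# Constructed sample data (not from the guide).
# Private routes as a routing protocol would supply them: prefix -> private next hop.
ROUTES = {
    "192.168.2.0/24": "10.0.0.2",
    "192.168.3.0/24": "10.0.0.3",
    "192.168.0.0/16": "10.0.0.1",
}
# Private-to-public mappings as learned through VAM; 10.0.0.3 is not known.
VAM_MAP = {
    "10.0.0.1": "203.0.113.1",
    "10.0.0.2": "198.51.100.27",
}

def private_next_hop(dst, routes):
    """Step 1: longest-prefix match over the private routing table."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def forward(src, dst, payload, routes=ROUTES, vam_map=VAM_MAP,
            local_public="192.0.2.10"):
    """Steps 1-4 for one packet; returns a description of the result."""
    hop = private_next_hop(dst, routes)
    if hop is None:
        return {"action": "drop", "reason": "no private route"}
    # Step 2: resolve the private next hop to its public address.
    public = vam_map.get(hop)
    if public is None:
        # Assumption: this model only reports the failure; the guide's
        # handling of an unresolved peer is not described in this section.
        return {"action": "drop", "reason": "no public address for " + hop}
    # Steps 3-4: the public address becomes the tunnel (outer) destination.
    return {"action": "send", "outer_src": local_public,
            "outer_dst": public, "inner": (src, dst, payload)}

if __name__ == "__main__":
    for dst in ("192.168.2.9", "192.168.9.9", "192.168.3.9", "172.16.0.1"):
        print(dst, forward("192.168.1.5", dst, b"data"))
```

Because the outer destination is taken solely from the VAM mapping, the accuracy of that mapping decides where encapsulated traffic is sent.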
Basic concepts
The following key roles are involved in DVPN:
DVPN node—A DVPN node is a device at an end of a DVPN tunnel. It can be a networking device
or a host. A DVPN node takes part in tunnel setup and must implement the VAM client.
VAM server—A VAM server receives registration information from DVPN nodes and manages and
maintains information about DVPN clients. A VAM server is usually a high-performance routing
device with VAM server enabled.