HP VPN Firewall Appliances VPN Configuration Guide
Registration phase
Figure 310 Registration process
Figure 310 shows the registration process:
1. The client sends the server a registration request, which carries information about the client.
2. Upon receiving the registration request, the server first determines whether to authenticate the
identity of the client.
   - If identity authentication is not required, the server directly registers the client and sends the
     client a registration acknowledgement.
   - If identity authentication is required, the server sends the client an identity authentication request,
     indicating the required authentication algorithm. In the case of CHAP authentication, a random
     number is also sent.
3. The client submits its identity information to the server.
4. After receiving the identity information of the client, the server sends an authentication request to
the AAA server and, after receiving the expected authentication acknowledgement, sends an
accounting request to the AAA server. When the server receives the accounting acknowledgement,
it sends the client a registration acknowledgement, telling the client information about the hubs in
the VPN.
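The four-step exchange above, modeled from both sides as an added example (not code from the guide or the appliance). It assumes the CHAP value is computed as in RFC 1994, folds the AAA authentication and accounting steps into in-process lookups, and uses hypothetical message names, a hypothetical `reg-reject` reply, and constructed credentials and hub names.

```python
import hashlib
import hmac
import os

# Constructed sample data: stand-in AAA user database and hub list.
AAA_USERS = {"spoke1": b"s3cret-shared"}
HUBS = ["hub1.example", "hub2.example"]

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Assumed RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Server:
    def __init__(self, require_auth: bool = True):
        self.require_auth = require_auth
        self.pending = {}     # client name -> (identifier, random number)
        self.accounting = []  # clients for which accounting was started

    def registration_request(self, name: str) -> dict:
        # Step 2: decide whether identity authentication is required.
        if not self.require_auth:
            return {"type": "reg-ack", "hubs": HUBS}
        ident, challenge = os.urandom(1)[0], os.urandom(16)
        self.pending[name] = (ident, challenge)
        return {"type": "auth-request", "algorithm": "CHAP",
                "id": ident, "challenge": challenge}

    def identity_information(self, name: str, response: bytes) -> dict:
        # Step 4: the random number is single-use, so discard it before checking.
        ident, challenge = self.pending.pop(name, (None, None))
        secret = AAA_USERS.get(name)
        if challenge is None or secret is None:
            return {"type": "reg-reject"}
        expected = chap_response(ident, secret, challenge)  # AAA authentication
        if not hmac.compare_digest(expected, response):
            return {"type": "reg-reject"}
        self.accounting.append(name)                        # AAA accounting
        return {"type": "reg-ack", "hubs": HUBS}            # tells client the hubs

def register(server: Server, name: str, secret: bytes) -> dict:
    """Client side: step 1 (request) and step 3 (identity information)."""
    reply = server.registration_request(name)
    if reply["type"] == "auth-request":
        resp = chap_response(reply["id"], secret, reply["challenge"])
        reply = server.identity_information(name, resp)
    return reply
```

Because the server issues a fresh random number per request and discards it after one use, a captured response cannot be replayed in a later registration.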
Tunnel establishment phase
After a spoke successfully registers itself, it needs to establish a permanent tunnel with a hub. A spoke can
establish permanent tunnels with up to two hubs. If there are two hubs in a VPN domain, a permanent
tunnel is required between the hubs. Figure 311 shows the tunnel establishment process.
Figure 311 Tunnel establishment process
1. The initiator originates a tunnel establishment request.
[Figure 310 message labels, Client to/from Server: 1) Registration request, 2) Identity authentication request, 3) Identity information, 4) Registration acknowledgement]