HP VPN Firewall Appliances VPN Configuration Guide

| Step | Command | Remarks |
|---|---|---|
| 11. Set the DR priority of the OSPF interface. | ospf dr-priority priority | Optional for a hub but required for a spoke, when OSPF is used. By default, the interface DR priority is 1. The DR priority of a hub should be higher than that of a spoke. HP recommends setting the DR priority of a spoke to 0 to keep the spoke from participating in DR/BDR election. |
| 12. Bind an IPsec profile to the DVPN tunnel interface. | ipsec profile ipsec-profile-name | Optional. By default, no IPsec profile is bound to a DVPN tunnel interface. The IPsec profile to be bound must already exist. |
| 13. Specify the VPN to which the tunnel destination address belongs. | tunnel vpn-instance vpn-instance-name | Optional. By default, a tunnel's destination address belongs to the public network. The device searches the public routing table to forward tunneled packets. If you use this command to specify the VPN to which the tunnel destination address belongs, the device searches the routing table of the specified VPN instance to forward tunneled packets. |
For more information about the interface tunnel, tunnel-protocol, source, and ipsec profile commands, see
VPN Command Reference.
For more information about the ospf network-type and ospf dr-priority commands, see Network
Management Command Reference.
Configuring routing
To establish VPN networks across the public network by using DVPN, you must perform routing
configuration for devices in the private networks. In private networks of this type, route-related operations
such as neighbor discovery, route updating, and routing table establishment are done over DVPN tunnels.
Routing information is exchanged between hubs or between hubs and spokes. It is not exchanged
between spokes.
The routing protocol can be OSPF or BGP in a DVPN network.
When the routing protocol is OSPF, set the network type of an OSPF interface to broadcast in a full
mesh network and P2MP in a hub-spoke network.
When the routing protocol is BGP, configure a routing policy to make sure the next hop of a route
destined for a peer spoke is the IP address of the peer spoke in a full mesh network, or is the IP
address of the hub in a hub-spoke network.
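The tunnel interface settings in steps 11 and 12 and the OSPF network-type rule above can be checked against a saved configuration. The following audit script is an added example, not HP code. It assumes stanzas that begin with "interface Tunnel<n>" followed by indented command lines, and it treats a missing ipsec profile binding as a finding, which is a local policy assumption since the guide marks that step optional.

```python
import re

# Constructed sample: DVPN tunnel stanzas in an assumed saved-config layout;
# the profile and VPN instance names are made up.
SAMPLE_CONFIG = """\
interface Tunnel1
 ospf network-type broadcast
 ospf dr-priority 0
 ipsec profile example-profile
#
interface Tunnel2
 ospf network-type broadcast
 tunnel vpn-instance example-vpn
#
"""

def parse_tunnels(text):
    """Return {tunnel name: {command: last argument}} per tunnel stanza."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        head = re.match(r"interface\s+Tunnel\s*(\d+)\s*$", raw, re.IGNORECASE)
        if head:
            current = tunnels.setdefault("Tunnel" + head.group(1), {})
        elif not raw.startswith(" "):
            current = None          # '#', blank line or another stanza ends it
        elif current is not None and raw.strip():
            key, _, value = raw.strip().rpartition(" ")
            current[key] = value
    return tunnels

def audit(text, role, topology):
    """role: 'hub' or 'spoke'; topology: 'full-mesh' or 'hub-spoke'."""
    want_type = "broadcast" if topology == "full-mesh" else "p2mp"
    findings = []
    for name, opts in parse_tunnels(text).items():
        if "ipsec profile" not in opts:      # default: no profile is bound
            findings.append((name, "NO_IPSEC_PROFILE"))
        if not any(key.startswith("ospf") for key in opts):
            continue                         # OSPF not used on this tunnel
        if opts.get("ospf network-type") != want_type:
            findings.append((name, "OSPF_NETWORK_TYPE"))
        priority = int(opts.get("ospf dr-priority", 1))  # default is 1
        if role == "spoke" and priority != 0:
            findings.append((name, "SPOKE_DR_PRIORITY"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "spoke", "full-mesh"):
        print(*finding)
```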