Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
471472473474475476477478479480
465
# Configure OSPF for the private networks.
[Spoke2] ospf 200
[Spoke2-ospf-200] area 0
[Spoke2-ospf-200-area-0.0.0.0] network 10.0.1.4 0.0.0.255
[Spoke2-ospf-200-area-0.0.0.0] network 10.0.4.1 0.0.0.255
[Spoke2-ospf-200-area-0.0.0.0] quit
[Spoke2] ospf 300
[Spoke2-ospf-300] area 0
[Spoke2-ospf-300-area-0.0.0.0] network 10.0.2.4 0.0.0.255
[Spoke2-ospf-300-area-0.0.0.0] network 10.0.6.1 0.0.0.255
Configuring Spoke 3
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure the VAM client:
<Spoke3> system-view
# Create a VAM client named dvpn2spoke3 for VPN 2.
[Spoke3] vam client name dvpn2spoke3
[Spoke3-vam-client-name-dvpn2spoke3] vpn 2
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Spoke3-vam-client-name-dvpn2spoke3] server primary ip-address 192.168.1.22
[Spoke3-vam-client-name-dvpn2spoke3] server secondary ip-address 192.168.1.33
[Spoke3-vam-client-name-dvpn2spoke3] pre-shared-key simple 456
# Create a local user named dvpn2spoke3, setting the password as dvpn2spoke3.
[Spoke3-vam-client-name-dvpn2spoke3] user dvpn2spoke3 password simple dvpn2spoke3
[Spoke3-vam-client-name-dvpn2spoke3] client enable
[Spoke3-vam-client-name-dvpn2spoke3] quit
3. Configure the IPsec profile:
# Configure the IPsec transform set.
[Spoke3] ipsec transform-set vam
[Spoke3-ipsec-transform-set-vam] encapsulation-mode tunnel
[Spoke3-ipsec-transform-set-vam] transform esp
[Spoke3-ipsec-transform-set-vam] esp encryption-algorithm des
[Spoke3-ipsec-transform-set-vam] esp authentication-algorithm sha1
[Spoke3-ipsec-transform-set-vam] quit
# Configure the IKE peer.
[Spoke3] ike peer vam
[Spoke3-ike-peer-vam] pre-shared-key abcde
[Spoke3-ike-peer-vam] quit
# Configure the IPsec profile.
[Spoke3] ipsec profile vamp
[Spoke3-ipsec-profile-vamp] transform-set vam
[Spoke3-ipsec-profile-vamp] ike-peer vam
[Spoke3-ipsec-profile-vamp] sa duration time-based 600
[Spoke3-ipsec-profile-vamp] pfs dh-group2
[Spoke3-ipsec-profile-vamp] quit
4. Configure the DVPN tunnel: