HP VPN Firewall Appliances VPN Configuration Guide

471
charge of VAM client authentication and accounting. With each being the backup of the other, the two
hubs perform data forwarding and routing information exchange.
Create a permanent tunnel between each hub-spoke pair.
Figure 348 Network diagram
Device            Interface  IP address        Device   Interface  IP address
Hub 1             GE0/1      192.168.1.1/24    Spoke 1  Eth1/1     192.168.1.3/24
                  Tunnel1    10.0.1.1/24                Eth1/2     10.0.2.1/24
Hub 2             GE0/1      192.168.1.2/24             Tunnel1    10.0.1.3/24
                  Tunnel1    10.0.1.2/24       Spoke 2  Eth1/1     192.168.1.4/24
Primary server    Eth1/1     192.168.1.22/24            Eth1/2     10.0.3.1/24
Secondary server  Eth1/1     192.168.1.33/24            Tunnel1    10.0.1.4/24
AAA server                   192.168.1.11/24
Configuring the primary VAM server
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure AAA:
<PrimaryServer> system-view
# Configure RADIUS scheme radsun.
[PrimaryServer] radius scheme radsun
[PrimaryServer-radius-radsun] primary authentication 192.168.1.11 1812
[PrimaryServer-radius-radsun] primary accounting 192.168.1.11 1813
[PrimaryServer-radius-radsun] key authentication expert
[PrimaryServer-radius-radsun] key accounting expert
[PrimaryServer-radius-radsun] server-type extended
[PrimaryServer-radius-radsun] user-name-format without-domain
[PrimaryServer-radius-radsun] quit
# Configure the AAA methods for the ISP domain domain1.
[PrimaryServer] domain domain1
[Figure 348 labels: Hub 1 and Hub 2 (GE0/1, Tunnel1); Spoke 1 at Site 1 and Spoke 2 at Site 2 (Eth1/1, Eth1/2, Tunnel1); primary VAM server, secondary VAM server and AAA server (Eth1/1); IP network. Legend: VPN 1 Hub-to-Spoke static tunnel; VPN 1 Hub-to-Hub static tunnel.]
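What the radsun scheme's shared key and username format do on the wire, as an added Python example that is not part of the HP guide: the key ("expert" on this page) authenticates RADIUS replies (RFC 2865) and accounting requests (RFC 2866), and user-name-format without-domain removes the ISP domain from the username sent to the server. The login "spoke1@domain1", the packet identifiers and the helper names are constructed for illustration; credential attributes and the server-type extended behavior are not modeled.

```python
import hashlib
import hmac
import os
import struct

SECRET = b"expert"  # shared key from the page's radsun scheme
ACCESS_REQUEST, ACCESS_ACCEPT, ACCT_REQUEST = 1, 2, 4  # RADIUS packet codes


def wire_username(login: str) -> bytes:
    """user-name-format without-domain: drop the '@domain' suffix."""
    return login.split("@", 1)[0].encode()


def attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def sign(pkt: bytes, seed: bytes, secret: bytes) -> bytes:
    """Authenticator = MD5(Code+ID+Length+seed+Attributes+secret); seed is the
    Request Authenticator for replies, 16 zero octets for Accounting-Request."""
    digest = hashlib.md5(pkt[:4] + seed + pkt[20:] + secret).digest()
    return pkt[:4] + digest + pkt[20:]


def verify(pkt: bytes, seed: bytes, secret: bytes) -> bool:
    return hmac.compare_digest(sign(pkt, seed, secret), pkt)


def demo() -> dict:
    # Constructed login and packets; credential attributes are omitted.
    user = attr(1, wire_username("spoke1@domain1"))  # type 1 = User-Name
    req_auth = os.urandom(16)
    request = packet(ACCESS_REQUEST, 7, req_auth, user)
    reply = sign(packet(ACCESS_ACCEPT, 7, bytes(16), b""), req_auth, SECRET)
    acct = sign(packet(ACCT_REQUEST, 8, bytes(16), user), bytes(16), SECRET)
    return {
        "username_on_wire": request[22:20 + request[21]],
        "reply_ok": verify(reply, req_auth, SECRET),
        "reply_wrong_key": verify(reply, req_auth, b"Expert"),
        "acct_ok": verify(acct, bytes(16), SECRET),
    }


if __name__ == "__main__":
    print(demo())
```

A key that differs between the device and the AAA server, even only in letter case, makes every authenticator check fail, so replies and accounting packets are rejected.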