
H3C Technologies H3C SecPath F1000-E User Manual

Table 59 Recommended configuration procedure

Step Remarks

Configuring the DVPN server

1. Configuring local users or RADIUS authentication

Optional.
The DVPN server can authenticate the identities of clients that try to access the VPN domain. Only clients that pass the identity authentication can connect to the VPN domain. The DVPN server supports local authentication and RADIUS authentication.
For information about local user configuration, see Getting Started Guide. For more information about RADIUS, see Access Control Configuration Guide.

2. Configuring a VPN domain

Required.
Configure a VPN domain and configure the relevant policies, such as VAM protocol packet protection and client authentication modes.

Configuring the DVPN client

3. Configuring DVPN tunnels

Required.
Configure a tunnel interface, and configure DVPN related parameters, such as the VAM client, the IPsec parameters, and the tunnel parameters.

4. Configuring Routing

Required.
To establish private networks across the public network by using DVPN, you must perform routing configuration for devices in the private networks. In a DVPN, route-related operations, such as neighbor discovery, route updating, and routing table establishment, are done over DVPN tunnels. Routing information is exchanged between Hubs or between Hubs and Spokes; it is not exchanged between Spokes.
DVPN clients support the routing protocols OSPF and BGP.

When the routing protocol is OSPF, set the network type of an OSPF interface to broadcast in a full mesh network or P2MP in a Hub-Spoke network. Make sure that the DR priority of a Hub is higher than that of a Spoke. H3C recommends setting the DR priority of a Spoke to 0 to keep the Spoke from participating in DR/BDR election. For information about OSPF configuration, see Network Management Configuration Guide.

When the routing protocol is BGP, configure IBGP between the Hubs and Spokes and configure the Hubs as the route reflectors in a full mesh network, or configure EBGP between the Hubs and Spokes in a Hub-Spoke network. For information about BGP configuration, see Network Management Configuration Guide.
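
An added example, not taken from the H3C manual: a Python check that audits the OSPF settings on DVPN tunnel interfaces against the rules in step 4. It assumes Comware-style CLI configuration text with `ospf network-type` and `ospf dr-priority` lines under an `interface Tunnel...` block and a default DR priority of 1; the function names and sample configurations are constructed for illustration.

```python
import re

# Expected OSPF network type per DVPN topology, as stated in step 4 above.
EXPECTED_TYPE = {"full-mesh": "broadcast", "hub-spoke": "p2mp"}
DEFAULT_DR_PRIORITY = 1  # assumption: value in effect when 'ospf dr-priority' is absent


def tunnel_ospf(config):
    """Return (network_type, dr_priority) from the first Tunnel interface block."""
    block = re.search(r"^interface Tunnel\S+\n((?:[ \t]+.*\n?)*)", config, re.M)
    body = block.group(1) if block else ""
    ntype = re.search(r"^\s+ospf network-type (\S+)", body, re.M)
    prio = re.search(r"^\s+ospf dr-priority (\d+)", body, re.M)
    return (ntype.group(1) if ntype else None,
            int(prio.group(1)) if prio else DEFAULT_DR_PRIORITY)


def audit(topology, devices):
    """devices: {name: (role, config_text)}; role is 'hub' or 'spoke'."""
    findings, prios = [], []
    expected = EXPECTED_TYPE[topology]
    for name, (role, config) in sorted(devices.items()):
        ntype, prio = tunnel_ospf(config)
        prios.append((role, prio))
        if ntype != expected:
            findings.append(f"{name}: network type {ntype}, expected {expected}")
        if role == "spoke" and prio != 0:
            findings.append(f"{name}: spoke DR priority {prio}, recommended 0")
    hub_prios = [p for r, p in prios if r == "hub"]
    spoke_prios = [p for r, p in prios if r == "spoke"]
    # Every Hub must outrank every Spoke in DR priority.
    if hub_prios and spoke_prios and min(hub_prios) <= max(spoke_prios):
        findings.append("hub DR priority is not higher than every spoke's")
    return findings


# Constructed sample configurations (not from the manual).
HUB = "interface Tunnel1\n ospf network-type broadcast\n ospf dr-priority 100\n"
SPOKE_OK = "interface Tunnel1\n ospf network-type broadcast\n ospf dr-priority 0\n"
SPOKE_BAD = "interface Tunnel1\n ospf network-type p2mp\n"  # wrong type, default priority

if __name__ == "__main__":
    devices = {"hub1": ("hub", HUB), "spoke1": ("spoke", SPOKE_OK),
               "spoke2": ("spoke", SPOKE_BAD)}
    for line in audit("full-mesh", devices):
        print(line)
```
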

After the configuration, you can view the DVPN information on the DVPN server or client.

Table 60 Displaying and maintaining DVPN

Task Remarks

Displaying VAM client information: View information about registered clients on the DVPN server.

Displaying DVPN session information: View DVPN tunnel information on a DVPN client.