Creating a vpn domain, Enabling vam server – H3C Technologies H3C SecPath F1000-E User Manual

442

Task Remarks

Configuring the listening IP address and UDP port number

Optional

Configuring the security parameters of VAM protocol packets

Optional

Specifying the client authentication mode

Optional

Specifying hub IP addresses

Required

Configuring the pre-shared key of the VAM server

Required

Configuring keepalive parameters

Optional

Creating a VPN domain

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a VPN domain and
enter VPN domain view.

vam server vpn vpn-name

No VPN domain exists by default.

Enabling VAM server

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable VAM server.

•

(Approach 1) Enable VAM server for one or

all VPN domains:
vam server enable { all | vpn vpn-name }

•

(Approach 2) Enable VAM server for a VPN

domain:

a.

vam server vpn vpn-name

b.

server enable

Use either approach.
By default, VAM server is

disabled.

Configuring the listening IP address and UDP port number

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure the listening IP

address and UDP port number
of the server.

vam server ip-address ip-address
[ port port-number ]

Not configured by default

NOTE:

If you do not specify a listening IP address and port number on a VAM server, the VAM server listens to all
packets whose destination IP address is a local interface IP address and destination port number is 18000.

Configuring the security parameters of VAM protocol packets

Based on the packet integrity authentication algorithm and encryption algorithm configuration, a VAM

server negotiates with a client to determine the protocol packets’ integrity authentication and encryption

algorithms to be used between them.