
Configuring the pre-shared key of the vam server, Configuring keepalive parameters – H3C Technologies H3C SecPath F1000-E User Manual


NOTE:

The public IP address is optional. When a hub registers, the VAM server will get the public address of the
hub and then send the public-private address mapping to other clients. If you specify both the private
and public addresses of a hub on the server, the server considers a client a valid hub only when both the
public and private addresses that the client registers with the server match those specified on the server.

In a VPN domain, you can configure up to two hubs, and the total number of spokes and hubs can be
5000 at most.

Configuring the pre-shared key of the VAM server

The pre-shared key is used to generate the keys for securing the channels between the server and a client.

In the connection initialization process, the pre-shared key is used to generate the initial key for
validating and encrypting connection requests and connection responses. If encryption and
authentication are needed for subsequent packets, the pre-shared key is also used to generate the
connection key for validating and encrypting the subsequent packets.

To configure the pre-shared key of the VAM server:

Step                                             Command                                         Remarks
1. Enter system view.                            system-view                                     N/A
2. Enter VPN domain view.                        vam server vpn vpn-name                         N/A
3. Configure the pre-shared key of the VAM       pre-shared-key { cipher | simple } key-string   No pre-shared key exists by default.
   server.

Configuring keepalive parameters

A client sends keepalive packets to the server periodically, and the server sends responses back to prove
its existence. If a server receives no keepalive packets from a client within a specified period (which
equals the product of the keepalive interval and the maximum number of transmission attempts), the
server removes information about the client and logs off the client.

You can set the interval at which a client sends keepalive packets and the maximum number of
transmission attempts. After a client registers with the server, the server sends these settings to the client
through its response packet.

To configure keepalive parameters:

Step                                             Command                            Remarks
1. Enter system view.                            system-view                        N/A
2. Enter VPN domain view.                        vam server vpn vpn-name            N/A
3. Set the keepalive interval.                   keepalive interval time-interval   Optional. 180 seconds by default.
4. Set the maximum number of transmission        keepalive retry retry-times        Optional. 3 by default.
   attempts.

NOTE:

Your keepalive settings only apply to the clients registered after the configuration. The clients registered
before that continue to use the old settings.
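
The following Python model is an added example, not code from the manual or from H3C. It shows how the removal period (keepalive interval multiplied by the maximum number of transmission attempts) stays fixed per client at registration time, so a client registered before a change is still removed on the old schedule. The class, method and client names are hypothetical, and the exact boundary at which a silent client is removed is an assumption.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Keepalive:
    interval: int = 180  # seconds; default from the manual
    retry: int = 3       # maximum transmission attempts; default from the manual

    @property
    def timeout(self) -> int:
        # Silence period after which the server logs the client off.
        return self.interval * self.retry

class VamServerModel:
    """Hypothetical model of the server's client table, not H3C code."""

    def __init__(self):
        self.current = Keepalive()
        self.clients = {}  # name -> (settings sent at registration, last keepalive time)

    def configure(self, **changes):
        # Like 'keepalive interval' / 'keepalive retry': affects later registrations only.
        self.current = replace(self.current, **changes)

    def register(self, name, now):
        # The server sends the settings in its registration response.
        self.clients[name] = (self.current, now)
        return self.current

    def keepalive(self, name, now):
        if name not in self.clients:
            return False  # already logged off; the client must register again
        self.clients[name] = (self.clients[name][0], now)
        return True

    def expire(self, now):
        # Assumption: a client is removed once its silence reaches interval * retry.
        gone = sorted(n for n, (s, seen) in self.clients.items() if now - seen >= s.timeout)
        for n in gone:
            del self.clients[n]
        return gone

def demo():
    srv = VamServerModel()
    srv.register("spoke-a", now=0)       # constructed client, default 180 x 3 = 540 s
    srv.configure(interval=30, retry=4)  # new settings: 30 x 4 = 120 s
    srv.register("spoke-b", now=10)      # constructed client, gets the new settings
    return srv.expire(now=200), srv.expire(now=600)

if __name__ == "__main__":
    print(demo())
```

In the model, a shorter interval shrinks the window in which a dead client still appears registered, but only for clients that register after the change.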