Configuring routing – H3C Technologies H3C SecPath F1000-E User Manual

450

Step Command

Remarks

13.

Associate the tunnel interface
with a VPN instance.

ip binding vpn-instance
vpn-instance-name

Optional.
By default, a tunnel interface is associated

with no VPN instance.
To isolate individual VPN domains, you
need to configure multiple VPN instances

to distinguish routes of private networks.

14.

Specify the VPN to which the

tunnel destination address
belongs.

tunnel vpn-instance
vpn-instance-name

Optional.
By default, a tunnel’s destination address
belongs to the public network. The device

searches the public routing table to

forward tunneled packets.
If you use this command to specify the VPN
to which the tunnel destination address

belongs, the device searches the routing

table of the specified VPN instance to
forward tunneled packets.
You can use the ip binding vpn-instance
command on the tunnel’s source interface

to specify the VPN to which the tunnel
source address belongs. The tunnel source

address and the tunnel destination address

must belong to the same VPN or both
belong to the public network.

NOTE:
•

If you configure the source address of a tunnel interface by specifying the source interface, the tunnel
takes the primary IP address of the source interface as its source address.

•

To configure multiple DVPN tunnels that use GRE encapsulation, you must configure unique source
addresses and source interfaces for these tunnels.

•

Tunnel interfaces of the same VPN domain must be configured with private addresses in the same
segment.

•

Tunnel interfaces of the same VPN domain must be configured with the same DVPN keepalive interval
and transmission attempt limit.

•

A DVPN tunnel interface can reference only one IPsec profile. To change the IPsec profile referenced by
a DVPN tunnel interface, you need to cancel the reference of the current IPsec profile and then apply a
new IPsec profile to the tunnel interface.

•

For more information about commands interface tunnel, tunnel-protocol, source, and ipsec profile,
see

VPN Command Reference.

•

For more information about the ospf network-type and ospf dr-priority commands, see

Network

Management Command Reference.

Configuring routing

To establish private networks across the public network by using DVPN, you must perform routing
configuration for devices in the private networks. In private networks of this type, route-related operations,

such as neighbor discovery, route updating, routing table establishment, are done over DVPN tunnels.