Configuring the secondary vam server, Configuring hub 1 – H3C Technologies H3C SecPath F1000-E User Manual
Page 465
453
# Configure the AAA methods for the ISP domain domain1.
[PrimaryServer] domain domain1
[PrimaryServer-isp-domain1] authentication dvpn radius-scheme radsun
[PrimaryServer-isp-domain1] authorization dvpn radius-scheme radsun
[PrimaryServer-isp-domain1] accounting dvpn radius-scheme radsun
[PrimaryServer-isp-domain1] quit
[PrimaryServer] domain default enable domain1
3.
Configure the VAM server:
# Specify the listening address of the server.
[PrimaryServer] vam server ip-address 192.168.1.22
# Create VPN domain 1.
[PrimaryServer] vam server vpn 1
# Set the pre-shared key to 123.
[PrimaryServer-vam-server-vpn-1] pre-shared-key simple 123
# Set the VAM client authentication mode to CHAP.
[PrimaryServer-vam-server-vpn-1] authentication-method chap
# Specify the IP addresses of the hubs for VPN 1.
[PrimaryServer-vam-server-vpn-1] hub private-ip 10.0.1.1
[PrimaryServer-vam-server-vpn-1] hub private-ip 10.0.1.2
[PrimaryServer-vam-server-vpn-1] quit
# Create VPN domain 2.
[PrimaryServer] vam server vpn 2
# Set the pre-shared key to 456.
[PrimaryServer-vam-server-vpn-2] pre-shared-key simple 456
# Set the VAM client authentication mode to PAP.
[PrimaryServer-vam-server-vpn-2] authentication-method pap
# Specify the IP addresses of the hubs for VPN 2.
[PrimaryServer-vam-server-vpn-2] hub private-ip 10.0.2.1
[PrimaryServer-vam-server-vpn-2] hub private-ip 10.0.2.2
[PrimaryServer-vam-server-vpn-1] quit
# Enable VAM server for all VPNs.
[PrimaryServer] vam server enable all
Configuring the secondary VAM server
Except for the listening IP address configuration, the configurations for the secondary VAM server are the
same as those for the primary VAM server and are thus omitted.
Configuring Hub 1
1.
Configure IP addresses for the interfaces. (Details not shown.)
2.
Configure the VAM clients:
# Create a VAM client named dvpn1hub1 for VPN 1.
[Hub1] vam client name dvpn1hub1
[Hub1-vam-client-name-dvpn1hub1] vpn 1
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Hub1-vam-client-name-dvpn1hub1] server primary ip-address 192.168.1.22
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS