beautypg.com

Configuring the secondary vam server, Configuring hub 1 – H3C Technologies H3C SecPath F1000-E User Manual

Page 465

background image

453

# Configure the AAA methods for the ISP domain domain1.

[PrimaryServer] domain domain1

[PrimaryServer-isp-domain1] authentication dvpn radius-scheme radsun

[PrimaryServer-isp-domain1] authorization dvpn radius-scheme radsun

[PrimaryServer-isp-domain1] accounting dvpn radius-scheme radsun

[PrimaryServer-isp-domain1] quit

[PrimaryServer] domain default enable domain1

3.

Configure the VAM server:
# Specify the listening address of the server.

[PrimaryServer] vam server ip-address 192.168.1.22

# Create VPN domain 1.

[PrimaryServer] vam server vpn 1

# Set the pre-shared key to 123.

[PrimaryServer-vam-server-vpn-1] pre-shared-key simple 123

# Set the VAM client authentication mode to CHAP.

[PrimaryServer-vam-server-vpn-1] authentication-method chap

# Specify the IP addresses of the hubs for VPN 1.

[PrimaryServer-vam-server-vpn-1] hub private-ip 10.0.1.1

[PrimaryServer-vam-server-vpn-1] hub private-ip 10.0.1.2

[PrimaryServer-vam-server-vpn-1] quit

# Create VPN domain 2.

[PrimaryServer] vam server vpn 2

# Set the pre-shared key to 456.

[PrimaryServer-vam-server-vpn-2] pre-shared-key simple 456

# Set the VAM client authentication mode to PAP.

[PrimaryServer-vam-server-vpn-2] authentication-method pap

# Specify the IP addresses of the hubs for VPN 2.

[PrimaryServer-vam-server-vpn-2] hub private-ip 10.0.2.1

[PrimaryServer-vam-server-vpn-2] hub private-ip 10.0.2.2

[PrimaryServer-vam-server-vpn-1] quit

# Enable VAM server for all VPNs.

[PrimaryServer] vam server enable all

Configuring the secondary VAM server

Except for the listening IP address configuration, the configurations for the secondary VAM server are the

same as those for the primary VAM server and are thus omitted.

Configuring Hub 1

1.

Configure IP addresses for the interfaces. (Details not shown.)

2.

Configure the VAM clients:

system-view

# Create a VAM client named dvpn1hub1 for VPN 1.

[Hub1] vam client name dvpn1hub1

[Hub1-vam-client-name-dvpn1hub1] vpn 1

# Specify the IP addresses of the VAM servers and set the pre-shared key.

[Hub1-vam-client-name-dvpn1hub1] server primary ip-address 192.168.1.22