
H3C Technologies H3C SecPath F1000-E User Manual


[Hub1-vam-client-name-dvpn1hub1] server secondary ip-address 192.168.1.33

[Hub1-vam-client-name-dvpn1hub1] pre-shared-key simple 123

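# Create a local user named dvpn1hub1 and set its password to dvpn1hub1. The password here is a sample value that matches the username and is entered in plaintext (simple); use a strong, unique password in a real deployment.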

[Hub1-vam-client-name-dvpn1hub1] user dvpn1hub1 password simple dvpn1hub1

[Hub1-vam-client-name-dvpn1hub1] client enable

[Hub1-vam-client-name-dvpn1hub1] quit

# Create a VAM client named dvpn2hub1 for VPN 2.

[Hub1] vam client name dvpn2hub1

[Hub1-vam-client-name-dvpn2hub1] vpn 2

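# Specify the IP addresses of the primary and secondary VAM servers and set the pre-shared key. The key 456 is a sample value entered in plaintext (simple); use a long, random key in a real deployment.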

[Hub1-vam-client-name-dvpn2hub1] server primary ip-address 192.168.1.22

[Hub1-vam-client-name-dvpn2hub1] server secondary ip-address 192.168.1.33

[Hub1-vam-client-name-dvpn2hub1] pre-shared-key simple 456

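# Create a local user named dvpn2hub1 and set its password to dvpn2hub1. The password here is a sample value that matches the username and is entered in plaintext (simple); use a strong, unique password in a real deployment.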

[Hub1-vam-client-name-dvpn2hub1] user dvpn2hub1 password simple dvpn2hub1

[Hub1-vam-client-name-dvpn2hub1] client enable

[Hub1-vam-client-name-dvpn2hub1] quit

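3. Configure the IPsec profile:
# Configure the IPsec proposal. This example selects DES for ESP encryption and SHA-1 for ESP authentication; DES is no longer considered secure, so select a stronger encryption algorithm (for example, AES) if the device supports it.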

[Hub1] ipsec proposal vam

[Hub1-ipsec-proposal-vam] encapsulation-mode tunnel

[Hub1-ipsec-proposal-vam] transform esp

[Hub1-ipsec-proposal-vam] esp encryption-algorithm des

[Hub1-ipsec-proposal-vam] esp authentication-algorithm sha1

[Hub1-ipsec-proposal-vam] quit

# Configure the IKE peer. The pre-shared key abcde is a sample value; use a long, random key in a real deployment.

[Hub1] ike peer vam

[Hub1-ike-peer-vam] pre-shared-key abcde

[Hub1-ike-peer-vam] quit

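# Configure the IPsec profile, which references the IPsec proposal and IKE peer created above. The example enables PFS with dh-group2 (the 1024-bit Diffie-Hellman group); select a larger group if the device supports one.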

[Hub1] ipsec profile vamp

[Hub1-ipsec-profile-vamp] proposal vam

[Hub1-ipsec-profile-vamp] ike-peer vam

[Hub1-ipsec-profile-vamp] sa duration time-based 600

[Hub1-ipsec-profile-vamp] pfs dh-group2

[Hub1-ipsec-profile-vamp] quit

4. Configure DVPN tunnels:
# Configure tunnel interface Tunnel 1 for VPN 1. Tunnel 1 uses UDP for encapsulation.

[Hub1] interface tunnel 1

[Hub1-Tunnel1] tunnel-protocol dvpn udp

[Hub1-Tunnel1] vam client dvpn1hub1

[Hub1-Tunnel1] ip address 10.0.1.1 255.255.255.0

[Hub1-Tunnel1] source GigabitEthernet 0/2

[Hub1-Tunnel1] ospf network-type broadcast

[Hub1-Tunnel1] ipsec profile vamp

[Hub1-Tunnel1] quit