Configuring hub 2 – H3C Technologies H3C SecPath F1000-E User Manual
Page 467
455
# Configure tunnel interface Tunnel 2 for VPN 2. Tunnel 2 uses GRE for encapsulation.
[Hub1] interface tunnel 2
[Hub1-Tunnel2] tunnel-protocol dvpn gre
[Hub1-Tunnel2] vam client dvpn2hub1
[Hub1-Tunnel2] ip address 10.0.2.1 255.255.255.0
[Hub1-Tunnel2] source GigabitEthernet 0/2
[Hub1-Tunnel2] ospf network-type broadcast
[Hub1-Tunnel2] ipsec profile vamp
[Hub1-Tunnel2] quit
5.
Configure OSPF:
# Configure OSPF for the public network.
[Hub1] ospf 100
[Hub1-ospf-100] area 0
[Hub1-ospf-100-area-0.0.0.0] network 192.168.1.1 0.0.0.255
[Hub1-ospf-100-area-0.0.0.0] quit
# Configure OSPF for the private networks.
[Hub1] ospf 200
[Hub1-ospf-200] area 0
[Hub1-ospf-200-area-0.0.0.0] network 10.0.1.1 0.0.0.255
[Hub1-ospf-200-area-0.0.0.0] quit
[Hub1] ospf 300
[Hub1-ospf-300] area 0
[Hub1-ospf-300-area-0.0.0.0] network 10.0.2.1 0.0.0.255
Configuring Hub 2
1.
Configure IP addresses for the interfaces. (Details not shown.)
2.
Configure the VAM clients:
# Create a VAM client named dvpn1hub2 for VPN 1.
[Hub2] vam client name dvpn1hub2
[Hub2-vam-client-name-dvpn1hub2] vpn 1
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Hub2-vam-client-name-dvpn1hub2] server primary ip-address 192.168.1.22
[Hub2-vam-client-name-dvpn1hub2] server secondary ip-address 192.168.1.33
[Hub2-vam-client-name-dvpn1hub2] pre-shared-key simple 123
# Create a local user named dvpn1hub2, setting the password as dvpn1hub2.
[Hub2-vam-client-name-dvpn1hub2] user dvpn1hub2 password simple dvpn1hub2
[Hub2-vam-client-name-dvpn1hub2] client enable
[Hub2-vam-client-name-dvpn1hub2] quit
# Create a VAM client named dvpn2hub2 for VPN 2.
[Hub2] vam client name dvpn2hub2
[Hub2-vam-client-name-dvpn2hub2] vpn 2
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Hub2-vam-client-name-dvpn2hub2] server primary ip-address 192.168.1.22
[Hub2-vam-client-name-dvpn2hub2] server secondary ip-address 192.168.1.33
[Hub2-vam-client-name-dvpn2hub2] pre-shared-key simple 456
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS