H3C Technologies H3C SecPath F1000-E User Manual

456

# Create a local user named dvpn2hub2, setting the password as dvpn2hub2.

[Hub2-vam-client-name-dvpn2hub2] user dvpn2hub2 password simple dvpn2hub2

[Hub2-vam-client-name-dvpn2hub2] client enable

[Hub2-vam-client-name-dvpn2hub2] quit

3.

Configure the IPsec profile:
# Configure the IPsec proposal.

[Hub2] ipsec proposal vam

[Hub2-ipsec-proposal-vam] encapsulation-mode tunnel

[Hub2-ipsec-proposal-vam] transform esp

[Hub2-ipsec-proposal-vam] esp encryption-algorithm des

[Hub2-ipsec-proposal-vam] esp authentication-algorithm sha1

[Hub2-ipsec-proposal-vam] quit

# Configure the IKE peer.

[Hub2] ike peer vam

[Hub2-ike-peer-vam] pre-shared-key abcde

[Hub2-ike-peer-vam] quit

# Configure the IPsec profile.

[Hub2] ipsec profile vamp

[Hub2-ipsec-profile-vamp] proposal vam

[Hub2-ipsec-profile-vamp] ike-peer vam

[Hub2-ipsec-profile-vamp] sa duration time-based 600

[Hub2-ipsec-profile-vamp] pfs dh-group2

[Hub2-ipsec-profile-vamp] quit

4.

Configure the DVPN tunnels:
# Configure tunnel interface Tunnel 1 for VPN 1. Tunnel 1 uses UDP for encapsulation.

[Hub2] interface tunnel 1

[Hub2-Tunnel1] tunnel-protocol dvpn udp

[Hub2-Tunnel1] vam client dvpn1hub2

[Hub2-Tunnel1] ip address 10.0.1.2 255.255.255.0

[Hub2-Tunnel1] source GigabitEthernet 0/2

[Hub2-Tunnel1] ospf network-type broadcast

[Hub2-Tunnel1] ipsec profile vamp

[Hub2-Tunnel1] quit

# Configure tunnel interface Tunnel 2 for VPN 2. Tunnel 2 uses GRE for encapsulation.

[Hub2] interface tunnel 2

[Hub2-Tunnel2] tunnel-protocol dvpn gre

[Hub2-Tunnel2] vam client dvpn2hub2

[Hub2-Tunnel2] ip address 10.0.2.2 255.255.255.0

[Hub2-Tunnel2] source GigabitEthernet 0/2

[Hub2-Tunnel2] ospf network-type broadcast

[Hub2-Tunnel2] ipsec profile vamp

[Hub2-Tunnel2] quit

5.

Configure OSPF:
# Configure OSPF for the public network.

[Hub2] ospf 100

[Hub2-ospf-100] area 0