Configuring spoke 2 – H3C Technologies H3C SecPath F1000-E User Manual
Page 470
458
# Configure tunnel interface Tunnel 1 for VPN 1. Tunnel 1 uses UDP for encapsulation.
[Spoke1] interface tunnel 1
[Spoke1-Tunnel1] tunnel-protocol dvpn udp
[Spoke1-Tunnel1] vam client dvpn1spoke1
[Spoke1-Tunnel1] ip address 10.0.1.3 255.255.255.0
[Spoke1-Tunnel1] source ethernet 1/1
[Spoke1-Tunnel1] ospf network-type broadcast
[Spoke1-Tunnel1] ospf dr-priority 0
[Spoke1-Tunnel1] ipsec profile vamp
[Spoke1-Tunnel1] quit
5.
Configure OSPF:
# Configure OSPF for the public network.
[Spoke1] ospf 100
[Spoke1-ospf-100] area 0
[Spoke1-ospf-100-area-0.0.0.0] network 192.168.1.3 0.0.0.255
[Spoke1-ospf-100-area-0.0.0.0] quit
# Configure OSPF for the private network.
[Spoke1] ospf 200
[Spoke1-ospf-200] area 0
[Spoke1-ospf-200-area-0.0.0.0] network 10.0.1.3 0.0.0.255
[Spoke1-ospf-200-area-0.0.0.0] network 10.0.3.1 0.0.0.255
Configuring Spoke 2
1.
Configure IP addresses for the interfaces. (Details not shown.)
2.
Configure the VAM client:
# Create a VAM client named dvpn1spoke2 for VPN 1.
[Spoke2] vam client name dvpn1spoke2
[Spoke2-vam-client-name-dvpn1spoke2] vpn 1
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Spoke2-vam-client-name-dvpn1spoke2] server primary ip-address 192.168.1.22
[Spoke2-vam-client-name-dvpn1spoke2] server secondary ip-address 192.168.1.33
[Spoke2-vam-client-name-dvpn1spoke2] pre-shared-key simple 123
# Create a local user named dvpn1spoke2, setting the password as dvpn1spoke2.
[Spoke2-vam-client-name-dvpn1spoke2] user dvpn1spoke2 password simple dvpn1spoke2
[Spoke2-vam-client-name-dvpn1spoke2] client enable
[Spoke2-vam-client-name-dvpn1spoke2] quit
# Create a VAM client named dvpn2spoke2 for VPN 2.
[Spoke2] vam client name dvpn2spoke2
[Spoke2-vam-client-name-dvpn1spoke2] vpn 2
# Specify the IP addresses of the VAM servers and set the pre-shared key.
[Spoke2-vam-client-name-dvpn2spoke2] server primary ip-address 192.168.1.22
[Spoke2-vam-client-name-dvpn2spoke2] server secondary ip-address 192.168.1.33
[Spoke2-vam-client-name-dvpn2spoke2] pre-shared-key simple 456
# Create a local user named dvpn2spoke2, setting the password as dvpn2spoke2.
[Spoke2-vam-client-name-dvpn1spoke2] user dvpn2spoke2 password simple dvpn2spoke2
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS