beautypg.com

Configuring spoke 3 – H3C Technologies H3C SecPath F1000-E User Manual

Page 472

background image

460

[Spoke2-ospf-100-area-0.0.0.0] quit

# Configure OSPF for the private networks.

[Spoke2] ospf 200

[Spoke2-ospf-200] area 0

[Spoke2-ospf-200-area-0.0.0.0] network 10.0.1.4 0.0.0.255

[Spoke2-ospf-200-area-0.0.0.0] network 10.0.4.1 0.0.0.255

[Spoke2-ospf-200-area-0.0.0.0] quit

[Spoke2] ospf 300

[Spoke2-ospf-300] area 0

[Spoke2-ospf-300-area-0.0.0.0] network 10.0.2.4 0.0.0.255

[Spoke2-ospf-300-area-0.0.0.0] network 10.0.6.1 0.0.0.255

Configuring Spoke 3

1.

Configure IP addresses for the interfaces. (Details not shown.)

2.

Configure the VAM client:

system-view

# Create a VAM client named dvpn2spoke3 for VPN 2.

[Spoke3] vam client name dvpn2spoke3

[Spoke3-vam-client-name-dvpn2spoke3] vpn 2

# Specify the IP addresses of the VAM servers and set the pre-shared key.

[Spoke3-vam-client-name-dvpn2spoke3] server primary ip-address 192.168.1.22

[Spoke3-vam-client-name-dvpn2spoke3] server secondary ip-address 192.168.1.33

[Spoke3-vam-client-name-dvpn2spoke3] pre-shared-key simple 456

# Create a local user named dvpn2spoke3, setting the password as dvpn2spoke3.

[Spoke3-vam-client-name-dvpn2spoke3] user dvpn2spoke3 password simple dvpn2spoke3

[Spoke3-vam-client-name-dvpn2spoke3] client enable

[Spoke3-vam-client-name-dvpn2spoke3] quit

3.

Configure the IPsec profile:
# Configure the IPsec proposal.

[Spoke3] ipsec proposal vam

[Spoke3-ipsec-proposal-vam] encapsulation-mode tunnel

[Spoke3-ipsec-proposal-vam] transform esp

[Spoke3-ipsec-proposal-vam] esp encryption-algorithm des

[Spoke3-ipsec-proposal-vam] esp authentication-algorithm sha1

[Spoke3-ipsec-proposal-vam] quit

# Configure the IKE peer.

[Spoke3] ike peer vam

[Spoke3-ike-peer-vam] pre-shared-key abcde

[Spoke3-ike-peer-vam] quit

# Configure the IPsec profile.

[Spoke3] ipsec profile vamp

[Spoke3-ipsec-profile-vamp] proposal vam

[Spoke3-ipsec-profile-vamp] ike-peer vam

[Spoke3-ipsec-profile-vamp] sa duration time-based 600

[Spoke3-ipsec-profile-vamp] pfs dh-group2

[Spoke3-ipsec-profile-vamp] quit

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: