beautypg.com

Configuring spoke 1 – H3C Technologies H3C SecPath F1000-E User Manual

Page 482

background image

470

[Hub2-Tunnel1] ipsec profile vamp

[Hub2-Tunnel1] quit

To use GRE for tunnel encapsulation, perform the following configurations:

[Hub2] interface tunnel 1

[Hub2-Tunnel1] tunnel-protocol dvpn gre

[Hub2-Tunnel1] vam client dvpn1hub2

[Hub2-Tunnel1] ip address 10.0.1.2 255.255.255.0

[Hub2-Tunnel1] source GigabitEthernet 0/2

[Hub2-Tunnel1] ospf network-type p2mp

[Hub2-Tunnel1] ipsec profile vamp

[Hub2-Tunnel1] quit

5.

Configure OSPF:
# Configure OSPF for the public network.

[Hub2] ospf 100

[Hub2-ospf-100] area 0

[Hub2-ospf-100-area-0.0.0.0] network 192.168.1.2 0.0.0.255

[Hub2-ospf-100-area-0.0.0.0] quit

# Configure OSPF for the private network.

[Hub2] ospf 200

[Hub2-ospf-200] area 0

[Hub2-ospf-200-area-0.0.0.0] network 10.0.1.2 0.0.0.255

Configuring Spoke 1

1.

Configure IP addresses for the interfaces. (Details not shown.)

2.

Configure the VAM client:

system-view

# Create a VAM client named dvpn1spoke1 for VPN 1.

[Spoke1] vam client name dvpn1spoke1

[Spoke1-vam-client-name-dvpn1spoke1] vpn 1

# Specify the IP addresses of the VAM servers and set the pre-shared key.

[Spoke1-vam-client-name-dvpn1spoke1] server primary ip-address 192.168.1.22

[Spoke1-vam-client-name-dvpn1spoke1] server secondary ip-address 192.168.1.33

[Spoke1-vam-client-name-dvpn1spoke1] pre-shared-key simple 123

# Create a local user named dvpn1spoke1, setting the password as dvpn1spoke1.

[Spoke1-vam-client-name-dvpn1spoke1] user dvpn1spoke1 password simple dvpn1spoke1

[Spoke1-vam-client-name-dvpn1spoke1] client enable

[Spoke1-vam-client-name-dvpn1spoke1] quit

3.

Configure the IPsec profile:
# Configure the IPsec proposal.

[Spoke1] ipsec proposal vam

[Spoke1-ipsec-proposal-vam] encapsulation-mode tunnel

[Spoke1-ipsec-proposal-vam] transform esp

[Spoke1-ipsec-proposal-vam] esp encryption-algorithm des

[Spoke1-ipsec-proposal-vam] esp authentication-algorithm sha1

[Spoke1-ipsec-proposal-vam] quit

# Configure the IKE peer.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: