Configuring spoke 2 – H3C Technologies H3C SecPath F1000-E User Manual

471

[Spoke1] ike peer vam

[Spoke1-ike-peer-vam] pre-shared-key abcde

[Spoke1-ike-peer-vam] quit

# Configure the IPsec profile.

[Spoke1] ipsec profile vamp

[Spoke1-ipsec-profile-vamp] proposal vam

[Spoke1-ipsec-profile-vamp] ike-peer vam

[Spoke1-ipsec-profile-vamp] sa duration time-based 600

[Spoke1-ipsec-profile-vamp] pfs dh-group2

[Spoke1-ipsec-profile-vamp] quit

4.

Configure the DVPN tunnel:
# Configure tunnel interface Tunnel 1 for VPN 1.
To use UDP for tunnel encapsulation, perform the following configurations:

[Spoke1] interface tunnel 1

[Spoke1-Tunnel1] tunnel-protocol dvpn udp

[Spoke1-Tunnel1] vam client dvpn1spoke1

[Spoke1-Tunnel1] ip address 10.0.1.3 255.255.255.0

[Spoke1-Tunnel1] source ethernet 1/1

[Spoke1-Tunnel1] ospf network-type p2mp

[Spoke1-Tunnel1] ospf dr-priority 0

[Spoke1-Tunnel1] ipsec profile vamp

[Spoke1-Tunnel1] quit

To use GRE for tunnel encapsulation, perform the following configurations:

[Spoke1] interface tunnel 1

[Spoke1-Tunnel1] tunnel-protocol dvpn gre

[Spoke1-Tunnel1] vam client dvpn1spoke1

[Spoke1-Tunnel1] ip address 10.0.1.3 255.255.255.0

[Spoke1-Tunnel1] source ethernet 1/1

[Spoke1-Tunnel1] ospf network-type p2mp

[Spoke1-Tunnel1] ospf dr-priority 0

[Spoke1-Tunnel1] ipsec profile vamp

[Spoke1-Tunnel1] quit

5.

Configure OSPF:
# Configure OSPF for the public network.

[Spoke1] ospf 100

[Spoke1-ospf-100] area 0

[Spoke1-ospf-100-area-0.0.0.0] network 192.168.1.3 0.0.0.255

[Spoke1-ospf-100-area-0.0.0.0] quit

# Configure OSPF for the private network.

[Spoke1] ospf 200

[Spoke1-ospf-200] area 0

[Spoke1-ospf-200-area-0.0.0.0] network 10.0.1.3 0.0.0.255

[Spoke1-ospf-200-area-0.0.0.0] network 10.0.2.1 0.0.0.255

Configuring Spoke 2

1.

Configure IP addresses for the interfaces. (Details not shown.)

2.

Configure the VAM client: