H3C Technologies H3C SecPath F1000-E User Manual

system-view

# Create a VAM client named dvpn1spoke2 for VPN 1.

[Spoke2] vam client name dvpn1spoke2

[Spoke2-vam-client-name-dvpn1spoke2] vpn 1

# Specify the IP addresses of the VAM servers and set the pre-shared key.

[Spoke2-vam-client-name-dvpn1spoke2] server primary ip-address 192.168.1.22

[Spoke2-vam-client-name-dvpn1spoke2] server secondary ip-address 192.168.1.33

[Spoke2-vam-client-name-dvpn1spoke2] pre-shared-key simple 123

# Create a local user named dvpn1spoke2 and set its password to dvpn1spoke2.

[Spoke2-vam-client-name-dvpn1spoke2] user dvpn1spoke2 password simple dvpn1spoke2

[Spoke2-vam-client-name-dvpn1spoke2] client enable

[Spoke2-vam-client-name-dvpn1spoke2] quit

3. Configure the IPsec profile:
# Configure the IPsec proposal.

[Spoke2] ipsec proposal vam

[Spoke2-ipsec-proposal-vam] encapsulation-mode tunnel

[Spoke2-ipsec-proposal-vam] transform esp

[Spoke2-ipsec-proposal-vam] esp encryption-algorithm des

[Spoke2-ipsec-proposal-vam] esp authentication-algorithm sha1

[Spoke2-ipsec-proposal-vam] quit

# Configure the IKE peer.

[Spoke2] ike peer vam

[Spoke2-ike-peer-vam] pre-shared-key abcde

[Spoke2-ike-peer-vam] quit

# Configure the IPsec profile.

[Spoke2] ipsec profile vamp

[Spoke2-ipsec-profile-vamp] proposal vam

[Spoke2-ipsec-profile-vamp] ike-peer vam

[Spoke2-ipsec-profile-vamp] sa duration time-based 600

[Spoke2-ipsec-profile-vamp] pfs dh-group2

[Spoke2-ipsec-profile-vamp] quit

4. Configure the DVPN tunnel:
# Configure tunnel interface Tunnel 1 for VPN 1.
To use UDP for tunnel encapsulation, perform the following configurations:

[Spoke2] interface tunnel 1

[Spoke2-Tunnel1] tunnel-protocol dvpn udp

[Spoke2-Tunnel1] vam client dvpn1spoke2

[Spoke2-Tunnel1] ip address 10.0.1.4 255.255.255.0

[Spoke2-Tunnel1] source ethernet 1/1

[Spoke2-Tunnel1] ospf network-type p2mp

[Spoke2-Tunnel1] ospf dr-priority 0

[Spoke2-Tunnel1] ipsec profile vamp

[Spoke2-Tunnel1] quit

To use GRE for tunnel encapsulation, perform the following configurations:

[Spoke2] interface tunnel 1

[Spoke2-Tunnel1] tunnel-protocol dvpn gre
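
An added example, not part of the H3C manual: a small Python audit that reads the Spoke2 commands shown on this page and flags the settings a reviewer would question before reusing them in production (DES for ESP, dh-group2 for PFS, short secrets, secrets entered with `simple`, a password equal to the user name). The function name `audit`, the 16-character minimum, and the reading of `simple` as plaintext entry are assumptions; confirm the last one against the device's command reference.

```python
import re

# Constructed sample: the security-relevant Spoke2 commands from this page.
SAMPLE = """\
[Spoke2-vam-client-name-dvpn1spoke2] pre-shared-key simple 123
[Spoke2-vam-client-name-dvpn1spoke2] user dvpn1spoke2 password simple dvpn1spoke2
[Spoke2-ipsec-proposal-vam] esp encryption-algorithm des
[Spoke2-ipsec-proposal-vam] esp authentication-algorithm sha1
[Spoke2-ike-peer-vam] pre-shared-key abcde
[Spoke2-ipsec-profile-vamp] sa duration time-based 600
[Spoke2-ipsec-profile-vamp] pfs dh-group2
"""

MIN_KEY_LEN = 16  # assumption: local policy for minimum pre-shared key length

# "[view-name] command ..." as printed in the manual's examples.
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.+)$")


def audit(config):
    """Return a list of (view, command, reason) for each weak setting."""
    findings = []
    for line in config.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # comments, blank lines, commands without a prompt
        view, cmd = m["view"], m["cmd"].strip()
        tok = cmd.split()

        def flag(reason):
            findings.append((view, cmd, reason))

        if tok[:2] == ["esp", "encryption-algorithm"] and tok[-1] == "des":
            flag("DES has a 56-bit key")
        if tok[0] == "pfs" and tok[-1] == "dh-group2":
            flag("DH group 2 is a 1024-bit MODP group")
        if tok[0] == "pre-shared-key":
            if "simple" in tok[1:-1]:
                flag("key entered with the 'simple' (plaintext) keyword")
            if len(tok[-1]) < MIN_KEY_LEN:
                flag(f"pre-shared key shorter than {MIN_KEY_LEN} characters")
        if tok[0] == "user" and "password" in tok:
            if "simple" in tok:
                flag("password entered with the 'simple' (plaintext) keyword")
            if tok[-1] == tok[1]:
                flag("password identical to the user name")
    return findings


if __name__ == "__main__":
    for view, cmd, reason in audit(SAMPLE):
        print(f"{view}: {cmd} -> {reason}")
```
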