Deploying dvpn settings – H3C Technologies H3C Intelligent Management Center User Manual
Page 152
142
b.
Enter the DPD interval in seconds in the DPD Interval(s) box.
When the local end sends an IPsec packet, it checks the time the last IPsec packet was received
from the peer. If the time interval exceeds the DPD interval, it performs DPD detection.
c.
Enter the DPD retransmission interval in seconds in the DPD Timout(s) box.
If the local end receives no DPD acknowledgement within the DPD packet retransmission
interval, it retransmits the DPD hello. If the local end still receives no DPD acknowledgement, it
considers the peer already dead, and removes the ISAKMP SA and the IPsec SAs based on the
ISAKMP SA.
7.
Add, modify, and remove IPsec and IKE proposals in the IPsec Proposal List and IKE Proposal List.
For information about these operations, see "
Managing DVPN security configuration
8.
Add an OSPF network in the OSPF Network List if the routing protocol used by DVPN is OSPF:
By default, the OSPF network list includes an OSPF network where the hub private address resides.
The hub advertises the DVPN tunnel into the OSPF network. The two clients at the ends of the DVPN
tunnel establish an OSPF neighbor relationship.
To add an OSPF network:
a.
Click Add.
A window appears. The process ID is configured in "
Configuring global DVPN settings
it cannot be modified.
b.
Enter the area ID in the Area box.
c.
Enter a network address to be advertised by OSPF in the Subnet IP box.
d.
Enter a mask for the network address in the Subnet Mask box.
e.
Click OK.
These settings correspond to the following CLI commands:
{
ospf process-id
{
area area-id
{
network ip-address wildcard-mask
9.
Add a BGP network in the BGP Network List if the routing protocol used by DVPN is iBGP or eBGP:
a.
Click Add.
A window appears. The AS number is configured in
Configuring global DVPN settings
cannot be modified. For iBGP, the hub and spokes reside in the same AS. For eBGP, the AS
number is the initial AS number specified in global configuration.
b.
Enter the IP address to be advertised by BGP in the Private IP box.
c.
Enter the mask of the IP address in the Subnet Mask box.
d.
Click OK.
The following shows the commands for adding an BGP network at the CLI.
bgp as-number
network ip-address mask
IVM automatically configures the relationships between BGP peers.
10.
Click Finish to complete DVPN domain configuration.
Deploying DVPN settings
You only need to deploy DVPN settings because VAM clients exchange VAM packets to establish DVPN
tunnels. DVPN settings include VAM server settings for the VAM server, VAM client settings for the hub