Configuring routing – H3C Technologies H3C SecPath F1000-E User Manual


Step 13. Associate the tunnel interface with a VPN instance.
Command: ip binding vpn-instance vpn-instance-name
Remarks: Optional. By default, a tunnel interface is associated with no VPN instance. To isolate individual VPN domains, you need to configure multiple VPN instances to distinguish routes of private networks.

Step 14. Specify the VPN to which the tunnel destination address belongs.
Command: tunnel vpn-instance vpn-instance-name
Remarks: Optional. By default, a tunnel’s destination address belongs to the public network. The device searches the public routing table to forward tunneled packets. If you use this command to specify the VPN to which the tunnel destination address belongs, the device searches the routing table of the specified VPN instance to forward tunneled packets. You can use the ip binding vpn-instance command on the tunnel’s source interface to specify the VPN to which the tunnel source address belongs. The tunnel source address and the tunnel destination address must belong to the same VPN or both belong to the public network.
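
The source/destination VPN rule in step 14 can be checked offline against a saved configuration. The following Python is an added example, not part of the H3C manual; the stanza layout ("interface <name>" followed by one command per line, "#" between stanzas), the interface names and the VPN instance names in the sample are constructed assumptions.

```python
# Constructed sample; assumes "interface <name>" stanzas separated by "#" lines.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip binding vpn-instance vpn-a
#
interface GigabitEthernet0/2
#
interface Tunnel1
 source GigabitEthernet0/1
 tunnel vpn-instance vpn-a
#
interface Tunnel2
 source GigabitEthernet0/1
#
interface Tunnel3
 source GigabitEthernet0/2
 tunnel vpn-instance vpn-b
"""

PUBLIC = "(public)"  # label used here for "no VPN instance configured"

def parse_interfaces(config):
    """Return {interface name: [commands]} for every interface stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif line.strip() in ("", "#"):
            current = None
        elif current is not None:
            current.append(line.strip())
    return stanzas

def _arg(commands, prefix):
    """Argument of the first command starting with prefix, or None."""
    return next((c[len(prefix):].strip() for c in commands if c.startswith(prefix)), None)

def find_vpn_mismatches(config):
    """List (tunnel, source VPN, destination VPN) where the two differ."""
    stanzas, findings = parse_interfaces(config), []
    for name, cmds in stanzas.items():
        src_if = _arg(cmds, "source ")
        if not name.lower().startswith("tunnel") or src_if not in stanzas:
            continue  # not a tunnel, or source is an IP address / unknown interface
        src_vpn = _arg(stanzas[src_if], "ip binding vpn-instance ") or PUBLIC
        dst_vpn = _arg(cmds, "tunnel vpn-instance ") or PUBLIC
        if src_vpn != dst_vpn:
            findings.append((name, src_vpn, dst_vpn))
    return findings
```

Tunnels whose source is given as an IP address rather than an interface are skipped, because the owning interface cannot be resolved from the source command alone.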

NOTE:

If you configure the source address of a tunnel interface by specifying the source interface, the tunnel
takes the primary IP address of the source interface as its source address.

To configure multiple DVPN tunnels that use GRE encapsulation, you must configure unique source
addresses and source interfaces for these tunnels.

Tunnel interfaces of the same VPN domain must be configured with private addresses in the same
segment.

Tunnel interfaces of the same VPN domain must be configured with the same DVPN keepalive interval
and transmission attempt limit.

A DVPN tunnel interface can reference only one IPsec profile. To change the IPsec profile referenced by
a DVPN tunnel interface, you need to cancel the reference of the current IPsec profile and then apply a
new IPsec profile to the tunnel interface.

For more information about the interface tunnel, tunnel-protocol, source, and ipsec profile commands, see VPN Command Reference.

For more information about the ospf network-type and ospf dr-priority commands, see Network Management Command Reference.

Configuring routing

To establish private networks across the public network by using DVPN, you must perform routing configuration for devices in the private networks. In private networks of this type, route-related operations, such as neighbor discovery, route updating, and routing table establishment, are done over DVPN tunnels.
