Configuring spoke 2 – H3C Technologies H3C SecPath F1000-E User Manual
Page 483
471
[Spoke1] ike peer vam
[Spoke1-ike-peer-vam] pre-shared-key abcde
[Spoke1-ike-peer-vam] quit
# Configure the IPsec profile.
[Spoke1] ipsec profile vamp
[Spoke1-ipsec-profile-vamp] proposal vam
[Spoke1-ipsec-profile-vamp] ike-peer vam
[Spoke1-ipsec-profile-vamp] sa duration time-based 600
[Spoke1-ipsec-profile-vamp] pfs dh-group2
[Spoke1-ipsec-profile-vamp] quit
4.
Configure the DVPN tunnel:
# Configure tunnel interface Tunnel 1 for VPN 1.
To use UDP for tunnel encapsulation, perform the following configurations:
[Spoke1] interface tunnel 1
[Spoke1-Tunnel1] tunnel-protocol dvpn udp
[Spoke1-Tunnel1] vam client dvpn1spoke1
[Spoke1-Tunnel1] ip address 10.0.1.3 255.255.255.0
[Spoke1-Tunnel1] source ethernet 1/1
[Spoke1-Tunnel1] ospf network-type p2mp
[Spoke1-Tunnel1] ospf dr-priority 0
[Spoke1-Tunnel1] ipsec profile vamp
[Spoke1-Tunnel1] quit
To use GRE for tunnel encapsulation, perform the following configurations:
[Spoke1] interface tunnel 1
[Spoke1-Tunnel1] tunnel-protocol dvpn gre
[Spoke1-Tunnel1] vam client dvpn1spoke1
[Spoke1-Tunnel1] ip address 10.0.1.3 255.255.255.0
[Spoke1-Tunnel1] source ethernet 1/1
[Spoke1-Tunnel1] ospf network-type p2mp
[Spoke1-Tunnel1] ospf dr-priority 0
[Spoke1-Tunnel1] ipsec profile vamp
[Spoke1-Tunnel1] quit
5.
Configure OSPF:
# Configure OSPF for the public network.
[Spoke1] ospf 100
[Spoke1-ospf-100] area 0
[Spoke1-ospf-100-area-0.0.0.0] network 192.168.1.3 0.0.0.255
[Spoke1-ospf-100-area-0.0.0.0] quit
# Configure OSPF for the private network.
[Spoke1] ospf 200
[Spoke1-ospf-200] area 0
[Spoke1-ospf-200-area-0.0.0.0] network 10.0.1.3 0.0.0.255
[Spoke1-ospf-200-area-0.0.0.0] network 10.0.2.1 0.0.0.255
Configuring Spoke 2
1.
Configure IP addresses for the interfaces. (Details not shown.)
2.
Configure the VAM client: