Configuring basic dvpn settings, Configuring global dvpn settings – H3C Technologies H3C Intelligent Management Center User Manual
Page 144
134
d.
Configure the hub.
e.
Configure spokes.
The following sections describe these tasks.
4.
Click Next.
Configuring basic DVPN settings
1.
Enter a name for the VPN domain in the Domain Name box.
IVM uses a case-insensitive name and a type to uniquely identify a VPN domain. The VPN
domains of the same type cannot have the same name.
2.
Enter a description for the VPN domain in the Description box.
3.
Select the DVPN type for the VPN domain.
4.
Click Next to configure global DVPN settings.
Configuring global DVPN settings
1.
Enter the name of the DVPN in the DVPN Name box.
2.
Select Full Mesh or Hub-Spoke for the DVPN Type.
{
Full Mesh—In a full-mesh DVPN, spokes can directly establish DVPN tunnels with each other.
The hub acts as the route exchange center. A DVPN tunnel between spokes is deleted if no
traffic is sent over the tunnel for a specific period.
{
Hub-Spoke—In a hub-spoke DVPN, spokes communicate with each other through the hub. The
hub acts as both the route exchange center and the traffic forwarding center.
3.
Enter a private subnet for VAM clients in the Private IP/Subnet Mask box.
The hub and spokes are VAM clients. IVM assigns an IP address from the private subnet to each
VAM client for identification.
4.
Select OSPF, iBGP, or eBGP in the Routing Protocol field for the DVPN.
VAM clients only support OSPF and BGP routing protocols.
{
OSPF—If you select OSPF, you also need to specify the OSPF process ID and area ID. All VAM
clients use the same OSPF process ID and area ID. If the DVPN type is Full Mesh, IVM sets the
OSPF network type to Broadcast. If the DVPN type is Hub-Spoke, IVM sets the OSPF network
type to P2MP. The DR priority is set to 0 for all spokes so the hub will be elected as the DR.
{
iBGP—If all VAM clients reside in the same AS, select iBGP and set the AS number.
{
eBGP—If all VAM clients reside in different ASs, select eBGP, and set the AS Number and the
AS Increment Step. IVM assigns AS numbers to the clients from the specified AS number
according to the increment step. Each AS number (not the first) has a step increase compared
with the previous AS number.
5.
Select UDP or GRE in the DVPN Tunnel Protocol field.
To traverse a NAT gateway, a DVPN tunnel must use UDP as the tunnel protocol.
6.
Select High, Medium, Low, or Custom in the Security Level field.
The DVPN domain uses the security template with the specified security level to generate DVPN
and IPsec configurations. The security template includes VAM security parameters, IPsec
parameters, IPsec proposal, and IKE proposal. If you select Custom, you must configure the
parameters for the security template. If the security template requires the VAM server to
authenticate VAM clients, you also need to configure the ISP domain name and AAA
authentication method. For information about configuring the security template, see "