H3C Technologies H3C Intelligent Management Center User Manual

Page 196

Advertising
background image

186

{

VPN Name—Name of the DVPN, configured in global DVPN settings.

{

Routing Protocol—Routing protocol used by DVPN, which is OSPF, iBGP, or eBGP:

OSPF—Displays the OSPF process ID and area ID.

iBGP—Displays the local AS number and the cluster ID of the BGP route reflector. The cluster
ID is the same as the AS number.

eBGP—Displays the initial AS number.

2.

Modify the IPsec profile name in the IPsec Profile box.
The default IPsec profile name is profile.

3.

Modify the IKE peer name in the IKE Peer box.
The default IKE peer name is peer.

4.

Select the Plaintext or Ciphertext format for the IKE authentication key in the Key Type field.
The default setting is inherited from the security template.

5.

Modify the pre-shared key in the Pre-Shared Key box.
The default setting is inherited from the security template.

6.

Select Yes or No in the DPD Confg field.
The default setting is inherited from the security template. If you select Yes, configure the following
settings:

a.

Enter a DPD name in the DPD Name box.

b.

Enter the DPD interval in seconds in the DPD Interval(s) box.
When the local end sends an IPsec packet, it checks the time the last IPsec packet was received
from the peer. If the time interval exceeds the DPD interval, it performs DPD detection.

c.

Enter the DPD retransmission interval in seconds in the DPD Timout(s) box.
If the local end receives no DPD acknowledgement within the DPD packet retransmission
interval, it retransmits the DPD hello. If the local end still receives no DPD acknowledgement, it
considers the peer already dead, and removes the ISAKMP SA and the IPsec SAs based on the

ISAKMP SA.

7.

Add, modify, and remove IPsec and IKE proposals in the IPsec Proposal List and IKE Proposal List.
For information about these operations, see "

Managing DVPN security configuration

."

8.

Add an OSPF network in the OSPF Network List if the routing protocol used by DVPN is OSPF:
By default, the OSPF network list includes an OSPF network where the hub private address resides.
The hub advertises the DVPN tunnel into the OSPF network. The two clients at the ends of the DVPN

tunnel establish an OSPF neighbor relationship.
To add an OSPF network:

a.

Click Add.
A window appears. The process ID is configured in DVPN global settings and cannot be
modified.

b.

Enter the area ID to which the OSPF network belongs in the Area box.

c.

Enter a network address to be advertised by OSPF in the Subnet IP box.

d.

Enter a mask for the network address in the Subnet Mask box.

e.

Click OK.

These settings correspond to the following CLI commands:

{

ospf process-id

Advertising
Popular Brands
Popular manuals