H3C Technologies H3C Intelligent Management Center User Manual
Page 199
189
The default setting is inherited from the security template.
5.
Enter a pre-shared key in the Pre-Shared Key box.
The default setting is inherited from the security template.
6.
Select Yes or No in the DPD Confg field.
The default setting is inherited from the security template. If you select Yes, configure the following
settings:
a.
Enter a DPD name in the DPD Name box.
b.
Enter the DPD interval in seconds in the DPD Interval(s) box.
When the local end sends an IPsec packet, it checks the time the last IPsec packet was received
from the peer. If the time interval exceeds the DPD interval, it performs DPD detection.
c.
Enter the DPD retransmission interval in seconds in the DPD Timout(s) box.
If the local end receives no DPD acknowledgement within the DPD packet retransmission
interval, it retransmits the DPD hello. If the local end still receives no DPD acknowledgement, it
considers the peer already dead, and removes the ISAKMP SA and the IPsec SAs based on the
ISAKMP SA.
7.
Add, modify, and remove IPsec and IKE proposals in the IPsec Proposal List and IKE Proposal List.
For information about these operations, see "
Managing DVPN security configuration
8.
Add an OSPF network in the OSPF Network List if the routing protocol used by DVPN is OSPF:
By default, the OSPF network list includes an OSPF network where the hub private address resides.
The hub advertises the DVPN tunnel into the OSPF network. The two clients at the ends of the DVPN
tunnel establish an OSPF neighbor relationship.
To add an OSPF network:
a.
Click Add.
A window appears. The process ID is configured in DVPN global settings and cannot be
modified.
b.
Enter the area ID to which the OSPF network belongs in the Area box.
c.
Enter a network address to be advertised by OSPF in the Subnet IP box.
d.
Enter a mask for the network address in the Subnet Mask box.
e.
Click OK.
These settings correspond to the following CLI commands:
{
ospf process-id
{
area area-id
{
network ip-address wildcard-mask
9.
Add a BGP network in the BGP Network List if the routing protocol used by DVPN is iBGP or eBGP:
a.
Click Add.
A window appears. The AS number is configured in DVPN global settings and cannot be
modified. For iBGP, the hub and spokes reside in the same AS. For eBGP, the AS number is the
initial AS number specified in global configuration.
b.
Enter the IP address to be advertised by BGP in the Private IP box.
c.
Enter the mask of the IP address in the Subnet Mask box.
d.
Click OK.
The following shows the commands for adding a BGP network at the CLI.