Adding ipsec devices, Adding dvpn domains – H3C Technologies H3C Intelligent Management Center User Manual

133

Figure 43 DVPN network

As shown in

Figure 43

, HubA, SpokeA, and SpokeB are VAM clients. ServerA and HubA have static IP

addresses, Spoke A is protected by a firewall, and SpokeB dynamically obtains its IP address from the ISP.

The IMC Platform manages VAM ServerA and HubA, and BIMS manages SpokeA and SpokeB. IVM

deploys DVPN settings to VAM ServerA and HubA, and BIMS deploys DVPN settings to SpokeA and

SpokeB.
After deployment, HubA, SpokeA, and SpokeB register node information with VAM ServerA, obtain

tunnel destination addresses from VAM ServerA, and establish DVPN tunnels protected by IPsec to the

tunnel peers.

Adding IPsec devices

After you add IPsec devices to the IMC Platform, IVM automatically manages the IPsec devices except for

the IPsec devices that run CWMP. For information about adding devices to the IMC Platform, see HP

Intelligent Management Center v7.0 Enterprise and Standard Platform Administrator Guide.
After you configure CWMP on spokes, the spokes automatically associate with BIMS and are managed

by BIMS.
To add IPsec devices managed by BIMS to IVM, see "

Managing IPsec devices

."

Adding DVPN domains

IVM defines a DVPN as a DVPN domain.
To add a DVPN domain:

1.

Click the Service tab.

2.

From the navigation tree, select IPsec VPN Manager > IPsec Resources > VPN Domains.

3.

Click Add in the VPN Domain List to add a DVPN domain by completing the following settings:

a.

Configure basic DVPN settings.

b.

Configure global DVPN settings.

c.

Configure the VAM server.

Headquarters

Internet

Branch A

Branch B

NMS

SpokeB

HubA

SpokeA

VPN

S0/0/1

S0/0/0

S0/0/2

S0/1/0

IMC

PLAT

IVM

BIMS

Internet

VAM ServerA

Headquarters

DVPN Tunnel