Implementation Of Dvpn - 3Com MSR 50 Series Configuration Manual

Implementation of
DVPN
1 The client sends a registration request to the server, which includes all information
2 Upon reception of the registration request, the server determines whether to
Figure 432 Spoke-Hub/Spoke-Spoke networking diagram
VAM server
Spoke 1
Site 1
As shown in Figure 432, after a Spoke registers with the VAM server and gets
information about the Hub from the keepalive ack message, it establishes a
permanent tunnel with the Hub. Two Spokes that are not behind NAT gateways
can establish between them a direct tunnel, which is dynamic and will be aged out
whenever it is idle for a specified period of time.
DVPN works in two phases: registration and tunnel establishment. The following is
a brief description of the phases:
Registration phase
When a client accesses the server for the first time, connection initialization is
performed first. During the initialization procedure, the two parties negotiate to
determine whether VAM protocol packets should be secured. If so, they negotiate
about the encryption and integrity validation algorithms, generate the keys, and
acknowledge the negotiated result. Only after the connection initialization process
completes, can the client continues with the registration phase, which is shown in
Figure 433.
Figure 433 Registration process
about the client.
authenticate the identity of the client based on configurations. If identity
authentication is not required, it registers the client and sends to the client a
Hub
Spoke-Hub
Public network
Spoke-Spoke
DVPN Overview
Spoke 2
Site 2
1559