1564
C
80: DVPN C
HAPTER
n
Configuring a Client
Authentication Mode
Configuring the IP
Address of Hub
n
ONFIGURATION
To do...
Specify authentication
algorithms and their priorities
for VAM PDUs
Specify encryption algorithms
for VAM PDUs and their
priorities
The authentication algorithm of SHA-1 is always used for connection requests
■
from clients and connection responses from the server. Whether subsequent
packets are to be authenticated depends on your configuration.
The encryption algorithm of AES-128 is always used for connection requests
■
from clients and connection responses from the server. Whether subsequent
packets are to be encrypted depends on your configuration.
The configuration order of the algorithms determines the priorities of the
■
algorithms.
Currently, a VAM server supports only PAP and CHAP authentication.
Follow these steps to configure a client authentication mode:
To do...
Enter system view
Enter VPN domain view
Configure a client
authentication mode
Follow these steps to configure the IP address of Hub:
To do...
Enter system view
Enter VPN domain view
Configure the IP address of
Hub
Only the private address of the Hub is required. When a Hub joins a VPN
■
domain and registers with the server, the server sends the mapping
information between the public address and the private address of the Hub to
the other clients. If you configure both the public and private addresses of the
Hub on the server, the server considers a Hub valid only when both the public
and private addresses that the Hub registers with the server match those
configured on the server. Otherwise, the registration will fail.
Up to two Hubs can be configured in a VPN domain.
■
Use the command...
authentication-algorithm
{ none | { md5 | sha-1 }* }
encryption-algorithm
{ none | { aes-128 | des |
3des }* }
Use the command...
system-view
vam server vpn vpn-name
authentication-method
{ none | [ chap | pap ]
[ domain name-string ] }
Use the command...
system-view
vam server vpn vpn-name
hub private-ip
private-ip-address [ public-ip
public-ip-address ]
Remarks
Optional
SHA-1 applies by default.
Optional
By default, AES-128, 3DES,
and DES apply with
descending priorities.
Remarks
-
-
Required
The default authentication
mode is CHAP and ISP domain
is system.
Remarks
-
-
Required
Not configured by default.