Configuring the DVPN Tunnel Parameters; Prerequisites; Configuring a DVPN Tunnel - 3Com MSR 50 Series Configuration Manual


| To do... | Use the command... | Remarks |
|---|---|---|
| Configure the PFS (perfect forward secrecy) setting for security policy negotiation | pfs { dh-group1 \| dh-group2 \| dh-group5 \| dh-group14 } | Optional. By default, the PFS setting is not used in security policy negotiation. Refer to "PFS" on page 1902 for information about PFS. |
| Set the duration of security associations | sa duration { time-based seconds \| traffic-based kilobytes } | Optional. By default, the time-based duration of a security association is 3,600 seconds; the traffic-based duration is 1,843,200 bytes. |

Note:

- An IPSec profile depends on IKE for SA negotiation. An IPSec profile can reference up to six security proposals. During negotiation, IKE searches for security proposals that match at both ends. If no match is found, SAs cannot be established and the packets requiring IPSec protection are discarded.
- When IKE uses a security policy to initiate a negotiation, if the local end uses PFS, the remote end must also use PFS for negotiation and both ends must use the same Diffie-Hellman (DH) group; otherwise, the negotiation fails.
- A security proposal that an IPSec profile references must be configured to use the ESP protocol.
- An IPSec profile is used specifically to protect DVPN traffic. Because DVPN addresses are dynamic, the setting of the remote-address keyword for the IKE peer that an IPSec profile references does not take effect on the initiator.

Configuring the DVPN Tunnel Parameters

In this task, you bind a VAM client to an end of the DVPN tunnel and set the tunnel's idle interval and the dumb interval after a tunnel establishment failure.

Prerequisites

You need to specify on the device an IP address for the VLAN interface, Ethernet interface or Loopback interface that will act as the source interface of the tunnel virtual interface, to ensure that the destination of the tunnel is reachable.

Configuring a DVPN Tunnel

Follow these steps to configure a DVPN tunnel:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Create a tunnel interface and enter its view | interface tunnel interface-number | Required. No tunnel interface is created by default. |
| Specify an IP address for the tunnel interface | ip address ip-address net-mask | Required. Not specified by default. |
| Specify the DVPN tunnel mode | tunnel-protocol dvpn udp | Required. GRE tunnel mode by default. The two ends of the tunnel must have the same tunnel mode. |
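The PFS note and the tunnel-mode remark both require the two ends to agree, so a pre-deployment comparison of both configurations catches the mismatch before negotiation fails. The following Python check is an added example, not part of the 3Com manual: the function names and sample configurations are constructed, and the flagging of DH groups below 2048 bits is an addition based on the MODP sizes in RFC 2409 and RFC 3526.

```python
import re

# MODP sizes (bits) of the DH groups the pfs command accepts (RFC 2409, RFC 3526).
DH_BITS = {"dh-group1": 768, "dh-group2": 1024, "dh-group5": 1536, "dh-group14": 2048}
PFS_RE = re.compile(r"pfs (dh-group(?:1|2|5|14))")

# Constructed sample input: only commands that appear on this page, one end each.
HUB = """
pfs dh-group14
interface tunnel 0
 ip address 10.0.0.1 255.255.255.0
 tunnel-protocol dvpn udp
"""
SPOKE = """
pfs dh-group2
interface tunnel 0
 ip address 10.0.0.2 255.255.255.0
"""

def parse_end(config):
    """Pull the PFS group and tunnel mode out of one end's configuration text."""
    end = {"pfs": None, "mode": "gre"}  # defaults stated in the Remarks column
    for line in config.splitlines():
        line = line.strip()
        m = PFS_RE.fullmatch(line)
        if m:
            end["pfs"] = m.group(1)
        elif line == "tunnel-protocol dvpn udp":
            end["mode"] = "dvpn udp"
    return end

def compare_ends(local_cfg, remote_cfg):
    """List tunnel-mode and PFS mismatches, plus any DH group under 2048 bits."""
    local, remote = parse_end(local_cfg), parse_end(remote_cfg)
    findings = []
    if local["mode"] != remote["mode"]:
        findings.append("tunnel mode: %s vs %s" % (local["mode"], remote["mode"]))
    # Assumption: either end may initiate, so the PFS rule is checked both ways.
    if local["pfs"] != remote["pfs"]:
        findings.append("pfs: %s vs %s" % (local["pfs"], remote["pfs"]))
    for name, end in (("local", local), ("remote", remote)):
        if end["pfs"] and DH_BITS[end["pfs"]] < 2048:
            findings.append("%s %s is %d-bit" % (name, end["pfs"], DH_BITS[end["pfs"]]))
    return findings

if __name__ == "__main__":
    print("\n".join(compare_ends(HUB, SPOKE)) or "both ends agree")
```
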
