Nat Traversal; Advpn Configuration Task List; Configuring Aaa; Configuring The Vam Server - HPE FlexNetwork MSR Series Comware 7 Layer 3 - Ip Services Configuration Manuals

the destination address. If the route to the remote private network is learned by using both methods,
the route with a lower preference is used.

NAT traversal

An ADVPN tunnel can traverse a NAT gateway.
•
If only the tunnel initiator resides behind a NAT gateway, a spoke-spoke tunnel can be
established through the NAT gateway.
•
If the tunnel receiver resides behind a NAT gateway, packets must be forwarded by a hub
before the receiver originates a tunnel establishment request. If the NAT gateway uses
Endpoint-Independent Mapping, a spoke-spoke tunnel can be established through the NAT
gateway.
•
If both ends reside behind a NAT gateway, no tunnel can be established and packets between
them must be forwarded by a hub.

ADVPN configuration task list

Configure ADVPN in the order of VAM servers, hubs, and spokes.
Perform the following tasks to configure ADVPN:
Tasks at a glance
(Optional.)
(Required.)
(Required.)
(Required.)
(Required.)
(Optional.)

Configuring AAA

The VAM server can use AAA to authenticate clients. Clients passing AAA authentication can access
the ADVPN domain. For information about AAA configuration, see Security Configuration Guide.

Configuring the VAM server

Tasks at a glance
(Required.)
(Required.)
(Required.)
(Required.)
(Optional.)
(Optional.)
(Optional.)
Configuring AAA
Configuring the VAM server
Configuring the VAM client
Configuring an ADVPN tunnel interface
Configuring routing
Configuring IPsec for ADVPN tunnels
Creating an ADVPN domain
Enabling the VAM server
Configuring a pre-shared key for the VAM server
Configuring hub groups
Setting the port number of the VAM server
Specifying authentication and encryption algorithms for the VAM server
Configuring an authentication method
362