3Com 3C13636 Configuration Manual page 1258

3Com Router 3000 Ethernet Family
Configuration Guide
3) The client sends key negotiation request and server authentication request to the
server.
4) The server sends a key negotiation response message, a client authentication
message, and a server authentication response message to the client.
5) The client sends its own authentication information to the server.
6) The server sends the authentication result to the client.
7) The client sends a registration request message to the server, which includes all
information about the client.
8) The server sends the registration response information to the client, among which
are items such as data encryption policy, key, and DVPN ID.
Note:
A DVPN server allows up to 5000 clients to register with it. A DVPN domain can
accommodate up to 1024 registered clients.
II. Session establishment phase
Upon successful registration, the client immediately establishes a session with the
DVPN server to transmit packets using DVPN. If the server receives a packet destined
for a network other than the local private network, it forwards the packet and sends a
next hop redirect notification message to the source client, informing the client of
information about the destination. Once receiving the redirect message, the client
sends a session establishment request to the peer client. After the two clients go
through session establishment negotiation (including the negotiation of the IPSec SA
for the session), a separate session is established between the two clients. Since then,
the two clients can communicate with each other directly without the server.
Before a session is removed, a judgment is made about whether the session is coupled
with a registration map. If not, the session is removed directly. Otherwise, the map must
be removed at first.
III. Data transmission phase
Data transmission phase starts after a session is established between clients. All data
is transmitted among the clients and server over sessions. The data being transmitted
is secured using IPSec, with DES as the encryption algorithm and MD5 as the
authentication algorithm.
During this phase, all data transmitted is protected by the previously mentioned
algorithms by default. You do not need to perform any configuration.
3Com Corporation
4-4
Chapter 4 DVPN