347
Step Command Remarks
10. (Optional.) Set the idle
timeout time for the
spoke-spoke tunnel.
advpn session idle-time
time-interval
By default, the idle timeout time is
600 seconds.
The new idle timeout setting
applies to both existing and
subsequently established
spoke-spoke tunnels.
11. (Optional.) Set the dumb
time for the tunnel interface.
advpn session dumb-time
time-interval
By default, the dumb time is 120
seconds.
The new dumb time setting only
applies to subsequently
established tunnels.
For more information about tunnel interface configurations and commands, see Layer 3—IP
Services Configuration Guide and Layer 3—IP Services Command Reference.
Configuring routing
ADVPN supports OSPF, RIP, and BGP for IPv4:
• When OSPF is used, set the network type of an OSPF interface to broadcast in a full-mesh
network or to P2MP in a hub-spoke network.
• When RIP is used, you can use RIP-1 or RIP-2 broadcast in a full-mesh network, or use RIP-2
multicast and disable split horizon in a hub-spoke network.
• When BGP is used, configure a routing policy to make sure the next hop of a route destined for
a remote private network is the IP address of the peer spoke in a full-mesh network (EBGP does
not support full-mesh), or is the IP address of the hub in a hub-spoke network.
ADVPN supports OSPFv3, RIPng, and IPv6 BGP for IPv6:
• When OSPFv3 is used, set the network type of an OSPFv3 interface to broadcast in a full-mesh
network or to P2MP in a hub-spoke network.
• When RIPng is used, only the full-mesh network is supported.
• When IPv6 BGP is used, configure a routing policy to make sure the next hop of a route
destined for a remote private network is the IP address of the peer spoke in a full-mesh network
(EBGP does not support full-mesh), or is the IP address of the hub in a hub-spoke network.
For more information about routing protocols and policies, see Layer 3—IP Routing Configuration
Guide.
Configuring IPsec for ADVPN tunnels
You can configure an IPsec profile to secure ADVPN tunnels:
1. Configure IPsec transform sets to specify the security protocols, authentication and encryption
algorithms, and the encapsulation mode.
2. Configure an IKE-mode IPsec profile that references the IPsec transform sets.
3. Apply the IPsec profile to an ADVPN tunnel interface.
For more information about IPsec configuration, see Security Configuration Guide.
Displaying and maintaining ADVPN
Execute display commands in any view and reset commands in user view.
To Next Page
Loading...
Need help?
General
