Configuring ADVPN
  Overview
    ADVPN structures
    How ADVPN operates
    NAT traversal
  ADVPN configuration task list
  Configuring AAA
  Configuring the VAM server
    Creating an ADVPN domain
    Enabling the VAM server
    Configuring a pre-shared key for the VAM server
    Configuring hub groups
    Setting the port number of the VAM server
    Specifying authentication and encryption algorithms for the VAM server
    Configuring an authentication method
    Configuring keepalive parameters
    Setting the retry timer
  Configuring the VAM client
    Creating a VAM client
    Enabling VAM clients
    Specifying VAM servers
    Specifying an ADVPN domain for a VAM client
    Configuring a pre-shared key for a VAM client
    Setting the retry interval and retry number for a VAM client
    Setting the dumb timer for a VAM client
    Configuring a username and password for a VAM client
  Configuring an ADVPN tunnel interface
  Configuring routing
  Configuring IPsec for ADVPN tunnels
  Displaying and maintaining ADVPN
  ADVPN configuration examples
    IPv4 full-mesh ADVPN configuration example
    IPv6 full-mesh ADVPN configuration example
    IPv4 hub-spoke ADVPN configuration example
    IPv6 hub-spoke ADVPN configuration example
    IPv4 multi-hub-group ADVPN configuration example
    IPv6 multi-hub-group ADVPN configuration example
    IPv4 full-mesh NAT traversal ADVPN configuration example
Configuring AFT
  Overview
  Command and hardware compatibility
  AFT implementations
    Static AFT
    Dynamic AFT
    Prefix translation
    AFT internal server
  AFT translation process
    IPv6-initiated communication
    IPv4-initiated communication
  AFT configuration task list
    IPv6-initiated communication
    IPv4-initiated communication
  Enabling AFT
  Configuring an IPv6-to-IPv4 destination address translation policy
  Configuring an IPv6-to-IPv4 source address translation policy
  Configuring an IPv4-to-IPv6 destination address translation policy
  Configuring an IPv4-to-IPv6 source address translation policy
  Configuring AFT logging
  Setting the ToS field to 0 for translated IPv4 packets
  Setting the Traffic Class field to 0 for translated IPv6 packets