372
Step Command Remarks
10. (Optional.) Set the idle
timeout time for the
spoke-spoke tunnel.
advpn session idle-time
time-interval
By default, the idle timeout time is
600 seconds.
The new idle timeout setting
applies to both existing and
subsequently established
spoke-spoke tunnels.
11. (Optional.) Set the dumb
time for the tunnel interface.
advpn session dumb-time
time-interval
By default, the dumb time is 120
seconds.
The new dumb time setting only
applies to subsequently
established tunnels.
12. (Optional.) Configure an
ADVPN group name.
advpn group
group-name
By default, no ADVPN group
name is configured.
13. (Optional.) Configure a
mapping between an
ADVPN group and a QoS
policy.
advpn map group
group-name
qos-policy
policy-name
outbound
By default, no ADVPN
group-to-QoS policy mappings
are configured.
For more information about tunnel interface configurations and commands, see Layer 3—IP
Services Configuration Guide and Layer 3—IP Services Command Reference.
Configuring routing
ADVPN supports OSPF, RIP, and BGP for IPv4:
• When OSPF is used, set the network type of an OSPF interface to broadcast in a full-mesh
network or to P2MP in a hub-spoke network.
• You can use RIP only in a hub-spoke network and you must also disable split horizon. RIP is not
supported in a full-mesh network.
• When BGP is used, configure a routing policy to make sure the next hop of a route destined for
a remote private network is the IP address of the peer spoke in a full-mesh network (EBGP does
not support full-mesh), or is the IP address of the hub in a hub-spoke network.
ADVPN supports OSPFv3, RIPng, and IPv6 BGP for IPv6:
• When OSPFv3 is used, set the network type of an OSPFv3 interface to broadcast in a full-mesh
network or to P2MP in a hub-spoke network.
• When RIPng is used, only the full-mesh network is supported.
• When IPv6 BGP is used, configure a routing policy to make sure the next hop of a route
destined for a remote private network is the IP address of the peer spoke in a full-mesh network
(EBGP does not support full-mesh), or is the IP address of the hub in a hub-spoke network.
For more information about routing protocols and policies, see Layer 3—IP Routing Configuration
Guide.
Configuring IPsec for ADVPN tunnels
You can configure an IPsec profile to secure ADVPN tunnels:
1. Configure IPsec transform sets to specify the security protocols, authentication and encryption
algorithms, and the encapsulation mode.
2. Configure an IKE-mode IPsec profile that uses the IPsec transform sets.
3. Apply the IPsec profile to an ADVPN tunnel interface.
To Next Page
Loading...
Need help?
General
