Nat Traversal; Advpn Configuration Task List; Configuring Aaa; Configuring The Vam Server - HP FlexNetwork MSR2003 Configuration Manual

the destination address. If the route to the remote private network is learned by using both methods,
the route with a lower preference is used.

NAT traversal

An ADVPN tunnel can traverse a NAT gateway.
•
If only the tunnel initiator resides behind a NAT gateway, a spoke-spoke tunnel can be
established through the NAT gateway.
•
If the tunnel receiver resides behind a NAT gateway, packets must be forwarded by a hub
before the receiver originates a tunnel establishment request. If the NAT gateway uses
Endpoint-Independent Mapping, a spoke-spoke tunnel can be established through the NAT
gateway.
•
If both ends reside behind a NAT gateway, no tunnel can be established and packets between
them must be forwarded by a hub.

ADVPN configuration task list

Configure ADVPN in the order of VAM servers, hubs, and spokes.
Perform the following tasks to configure ADVPN:
Tasks at a glance
(Optional.)

Configuring AAA

(Required.)
(Required.)
(Required.)
(Required.)
(Optional.) Configuring IPsec for ADVPN tunnels
Configuring AAA
The VAM server can use AAA to authenticate clients. Clients passing AAA authentication can access
the ADVPN domain. For information about AAA configuration, see Security Configuration Guide.

Configuring the VAM server

Task
(Required.)
(Required.)
(Required.)
(Required.)
(Optional.) Configuring the port number of the VAM server
(Optional.) Specifying authentication and encryption algorithms for the VAM server
(Optional.) Configuring an authentication method
Configuring the VAM server
Configuring the VAM client
Configuring an ADVPN tunnel interface
Configuring routing
Creating an ADVPN domain
Enabling the VAM server
Configuring a pre-shared key for the VAM server
Configuring hub groups
337