[Typical configuration] Application of DVPN in AR18 Broadband Router

Source: Internet
Author: User

Networking and simple configuration
1.1 Typical DVPN networking applications
1.1.1 Application description

The branch uses an ADSL router to connect to the Internet and is configured as the DVPN Client. Its address is a public network address dynamically allocated by China Telecom. This example uses two xDSL routers: 3Com 3031 and AR 18-32.
The headquarters uses an AR 18-20 router as the DVPN Server, and the WAN port ETH1/0 is assigned a fixed public IP address 162.105.66.30. Because the AR 18-20 WAN port works in 10M full-duplex mode, the peer end must also be set to 10M full-duplex mode.

Company network planning: 192.168.10.x serves as the tunnel addresses and maintains the DVPN tunnel information; 10.x serves as the private network addresses of the company networks attached to the routers. The network address of the company headquarters is 10.10.10.x, and its tunnel address is 192.168.10.10. Branch A (router AR 18-32) has the network address 10.10.11.x and the tunnel address 192.168.10.11. Branch B (router 3Com 3031) has the tunnel address 192.168.10.12.

1.1.2 Networking diagram

Figure 1: The Client obtains its address dynamically and connects to the DVPN Server.
1.1.3 Configuration steps
Configure Server access to the INTERNET ...... AR 18-20
#
 sysname 1820
#
interface Ethernet1/0
#
interface Ethernet2/0
 speed 10
 duplex full
 ip address 162.105.66.30 255.255.255.0
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 162.105.66.1 preference 60
#
user-interface con 0
 idle-timeout 0 0
user-interface vty 0 4
#
return
Configure the Client to access the INTERNET according to the service type provided by the ISP ...... AR 18-32
Currently, the ISP may provide the following service types: PPPoEoA, PPPoA, IPoA, and IPoEoA. For specific configurations, see the ADSL configuration document. The following uses PPPoEoA as an example.
#
 sysname 1832
#
 dialer-rule 1 ip permit
#
interface Dialer0
 link-protocol ppp
 mtu 1450
 tcp mss 1410
 ip address ppp-negotiate
 dialer user whateveryouwant
 dialer-group 1
 dialer bundle 20
#
interface Ethernet1/0
#
interface Atm2/0
 adsl standard gdmt
#
interface Atm2/0.1 p2p
 atm-link check
 pvc 1/36
 map bridge Virtual-Ethernet1
#
interface Virtual-Ethernet1
 pppoe-client dial-bundle-number 20
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 Dialer 0 preference 60
#
user-interface con 0
user-interface vty 0 4
#
return
Configure DVPN Server ...... AR 18-20
# Configure Tunnel0 interface attributes.
[1820]interface Tunnel 0
[1820-Tunnel0]tunnel-protocol udp dvpn
[1820-Tunnel0]dvpn interface-type server
[1820-Tunnel0]dvpn vpn-id 100
[1820-Tunnel0]dvpn udp-port 8008
[1820-Tunnel0]source Ethernet 2/0
[1820-Tunnel0]ip address 192.168.10.10 24
Configure DVPN Client ...... AR 18-32
# Configure dvpn-class.
[1832]dvpn class zongbu-server
[1832-dvpn-class-zongbu-server]public-ip 162.105.66.30
[1832-dvpn-class-zongbu-server]private-ip 192.168.10.10
[1832-dvpn-class-zongbu-server]udp-port 8008
# Configure tunnel interface attributes.
[1832]interface Tunnel 0
[1832-Tunnel0]tunnel-protocol udp dvpn
[1832-Tunnel0]dvpn interface-type client
[1832-Tunnel0]dvpn vpn-id 100
[1832-Tunnel0]dvpn server zongbu-server
[1832-Tunnel0]source Dialer 0
[1832-Tunnel0]ip address 192.168.10.11 24
[1832-Tunnel0]dvpn udp-port 8001
Verify that the DVPN link is normal
[1832-Tunnel0]dis dvpn map
 VPNID  privateip      publicip       udpport  state   type
 100    192.168.10.10  162.105.66.30  8008     Active  C<->S
<1820>dis dvpn map
 VPNID  privateip      publicip       udpport  state   type
 100    192.168.10.11  202.113.67.10  8001     Active  C<->S
Configure the private networks and advertise them in the DVPN domain
# Configure branch office A (AR 18-32)
[1832]interface Ethernet 1/0
[1832-Ethernet1/0]ip address 10.10.11.1 24
[1832-Ethernet1/0]dhcp select interface
[1832]ospf 1
[1832-ospf-1]area 0
[1832-ospf-1-area-0.0.0.0]network 10.10.11.0 0.0.0.255
[1832-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[1832]interface Tunnel 0
[1832-Tunnel0]ospf network-type p2mp
# Configure the head office (AR 18-20)
[1820]interface Ethernet 1/0
[1820-Ethernet1/0]ip address 10.10.10.1 24
[1820-Ethernet1/0]dhcp select interface
[1820]ospf 1
[1820-ospf-1]area 0
[1820-ospf-1-area-0.0.0.0]network 10.10.10.0 0.0.0.255
[1820-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[1820]interface Tunnel 0
[1820-Tunnel0]ospf network-type p2mp
Configure branch B router 3Com 3031 according to the configuration of branch

Route table check
<3031>dis ip rout
 Routing Table: public net
Destination/Mask   Protocol  Pre  Cost  Nexthop        Interface
0.0.0.0/0          STATIC    60   0     202.112.58.8   Dialer0
10.10.10.0/24      OSPF      10   1563  192.168.10.10  Tunnel0
10.10.11.0/24      OSPF      10   3125  192.168.10.10  Tunnel0
10.10.12.0/24      DIRECT    0    0     10.10.12.1     Ethernet1/0
10.10.12.1/32      DIRECT    0    0     127.0.0.1      InLoopBack0
127.0.0.0/8        DIRECT    0    0     127.0.0.1      InLoopBack0
127.0.0.1/32       DIRECT    0    0     127.0.0.1      InLoopBack0
192.168.10.0/24    DIRECT    0    0     192.168.10.12  Tunnel0
192.168.10.10/32   OSPF      10   1562  192.168.10.10  Tunnel0
192.168.10.11/32   OSPF      10   3124  192.168.10.10  Tunnel0
192.168.10.12/32   DIRECT    0    0     127.0.0.1      InLoopBack0
202.112.58.1/32    DIRECT    0    0     202.112.58.1   Dialer0
202.112.58.8/32    DIRECT    0    0     127.0.0.1      InLoopBack0
Security Configuration
DVPN supports GRE encapsulation and UDP encapsulation. Only UDP encapsulation can traverse NAT when NAT exists on the route path. Therefore, if GRE encapsulation is configured and dis dvpn map shows no information, change the packet encapsulation on both the Client and the Server.
If you need Tunnel interface authentication, first enable the authentication function on both the Server and the Client, and configure the private key of the Client. Then configure the Client registration and authentication information list on the Server (including the IP address of the Client and the private key of the Client), so that the Client can match the authentication information when registering with the Server.
# Configure the headquarters
[1820-Tunnel0]dvpn authenticate enable
[1820-Tunnel0]dvpn client private-ip 192.168.10.11 key 9741039
[1820-Tunnel0]dvpn client private-ip 192.168.10.12 key 3031
# Configure branch
[1832-Tunnel0]dvpn authenticate enable
[1832-Tunnel0]dvpn key 9741039
# Configure branch B
[3031-Tunnel0]dvpn authenticate enable
[3031-Tunnel0]dvpn key 3031    
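
The matching rule described above (the Server's list of Client private IP and key must agree with what each Client has configured) can be checked offline before the commands are applied. The following is an added example, not part of the original configuration guide or of the router software. The names parse_tunnel and audit are hypothetical, and the 3031 vpn-id and tunnel address lines are assumed to mirror the 1832 configuration.

```python
import re

# Constructed input: tunnel commands as typed on this page (3031 lines assumed to mirror 1832).
SERVER = """[1820-Tunnel0]dvpn vpn-id 100
[1820-Tunnel0]ip address 192.168.10.10 24
[1820-Tunnel0]dvpn authenticate enable
[1820-Tunnel0]dvpn client private-ip 192.168.10.11 key 9741039
[1820-Tunnel0]dvpn client private-ip 192.168.10.12 key 3031"""
CLIENTS = {
    "1832": "dvpn vpn-id 100\nip address 192.168.10.11 24\ndvpn authenticate enable\ndvpn key 9741039",
    "3031": "dvpn vpn-id 100\nip address 192.168.10.12 24\ndvpn authenticate enable\ndvpn key 3031",
}
PATTERNS = {  # setting name -> command syntax as it appears on this page
    "vpn_id": r"dvpn vpn-id (\d+)",
    "ip": r"ip address (\S+) \S+",
    "key": r"dvpn key (\S+)",
}

def parse_tunnel(text):
    """Extract the settings that matter for DVPN registration from tunnel commands."""
    cfg = {"auth": False, "vpn_id": None, "ip": None, "key": None, "peers": {}}
    for raw in text.splitlines():
        line = re.sub(r"^\[[^\]]*\]", "", raw).strip()  # drop "[1820-Tunnel0]" prompt
        if line == "dvpn authenticate enable":
            cfg["auth"] = True
        elif m := re.fullmatch(r"dvpn client private-ip (\S+) key (\S+)", line):
            cfg["peers"][m[1]] = m[2]
        for name, pat in PATTERNS.items():
            if m := re.fullmatch(pat, line):
                cfg[name] = m[1]
    return cfg

def audit(server_text, clients):
    """Return findings; an empty list means every client matches the server's list."""
    srv, findings = parse_tunnel(server_text), []
    for name, text in clients.items():
        c = parse_tunnel(text)
        if c["vpn_id"] != srv["vpn_id"]:
            findings.append(f"{name}: vpn-id differs from server")
        if c["auth"] != srv["auth"]:
            findings.append(f"{name}: 'dvpn authenticate enable' set on one side only")
        elif srv["auth"] and c["ip"] not in srv["peers"]:
            findings.append(f"{name}: no server entry for private-ip {c['ip']}")
        elif srv["auth"] and srv["peers"][c["ip"]] != c["key"]:
            findings.append(f"{name}: key differs from server entry for {c['ip']}")
    return findings

if __name__ == "__main__":
    print(audit(SERVER, CLIENTS) or "all clients match the server's authentication list")
```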
