How to configure AR routers in branches to use a domain name to access the headquarters through DSVPN

33

In the figure on the right, the branch and headquarters access the Internet through PPPoE dialup, and the branch uses the domain name to access the headquarters through DSVPN.
Assume that the public network route is reachable. The following describes only key configurations.
1. Configure Spoke1. The configuration of Spoke2 is similar to that of Spoke1, and is not mentioned here.
interface Dialer1 //Configure a dialer interface.
link-protocol ppp
ppp chap user user@huawei.com //Configure CHAP authentication.
ppp chap password cipher huawei@123 //Set the CHAP authentication password to huawei@123.
ip address ppp-negotiate
dialer user huawei //Configure the peer user name for the dialer interface.
dialer bundle 1 //Configure a dialer bundle for the dialer interface.
dialer-group 1 // Configure a dialer access group.
#
interface Tunnel0/0/0 //Configure a DSVPN tunnel interface.
ip address 10.16.1.2 255.255.255.0
tunnel-protocol gre p2mp
source dialer 1 //Configure the dialer interface as the source interface.
ospf network-type broadcast
nhrp entry 10.16.1.1 www.123.com register //Configure an NHRP mapping table.
#
interface GigabitEthernet1/0/0
pppoe-client dial-bundle-number 1 //Configure the PPPoE client to use dialer bundle 1.
#
dialer-rule //Configure a dialer ACL.
dialer-rule 1 ip permit
#
ip route-static 0.0.0.0 0.0.0.0 dialer1 //Configure a default route pointing to the dialer interface.


2. Configure the hub.

dns resolve //Enable the dynamic DNS (DDNS) function.
dns server 2.1.1.1 //Configure an IP address for the DNS server.
#
interface Dialer1
link-protocol ppp
ppp chap user user@huawei.com
ppp chap password cipher huawei@123
ip address ppp-negotiate
dialer user huawei
dialer bundle 1
dialer-group 1
ddns apply policy mypolicy //Bind the DDNS policy to the interface.
#
ddns policy mypolicy //Specify the URL in a DDNS update request. The user name is steven and the password is nevets@123.
url ""http://:@members.3322.org/dyndns/update?system=dyndns&hostname=&ip="" username steven password nevets@123
#
interface Tunnel0/0/0
ip address 10.16.1.1 255.255.255.0
tunnel-protocol gre p2mp
source dialer 1
ospf network-type broadcast
nhrp entry multicast dynamic
#
interface GigabitEthernet1/0/0
pppoe-client dial-bundle-number 1
#
dialer-rule
dialer-rule 1 ip permit
#
ip route-static 0.0.0.0 0.0.0.0 dialer1

Other related questions:
Method used to configure IPSec between the headquarters and branches on the AR
Huawei AR routers support IPSec tunnel for implementing interconnection between the headquarters and branches. For details about the configuration, see IPSec under "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples. The point-to-multipoint IPSec cases are as follows: - Example for Establishing Multiple IPSec Tunnels Between the Headquarters and Branches Using the IPSec Policy Template - Example for Configuring OSPF and GRE Over IPSec to Implement Communication Between the Branch and Headquarters - Example for Configuring GRE Over IPSec to Implement Communication Between the Branches and Headquarters and NAT to Implement Communication Between Branches (Running OSPF) - Example for Establishing IPSec over DSVPN Tunnels Between Hub and Spokes (Based on ACL) - Example for Establishing an IPSec Tunnel In Manual and IKE Negotiation Modes - Example for Configuring IPSec Reverse Route Injection

Method used to configure an IPSec tunnel on the AR for mutual access between branches
There are two ways of implementing communication between branches on Huawei AR routers. 1. Branches directly communicate with each other. In this case, implementing communication between branches through configuration of IPSec and DSVPN (not supported by the AR510). For details, see "Example for configuring IPSec-based DSVPN" of "DSVPN Configuration" in Configuration Guide - VPN. 2. Branches communicate with each other through the headquarters. For details, see "Example for Configuring GRE Over IPSec to Implement Communication Between the Branches and Headquarters and NAT to Implement Communication Between Branches (Running OSPF)" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

Method used to configure the public domain name for AR series routers
Huawei AR series routers support DNS client, DNS proxy or relay, and DDNS client, but do not support the DNS server. Public domain names need to be purchased and bound to the IP addresses on the DNS servers of carriers.

Can the branch AR with dynamic addresses be configured with DSVPN
The branch AR with dynamic address can be configured with DSVPN. DSVPN can be used to dynamically establish Spoke-Spoke tunnels for direct communication between branches when branches use dynamic addresses to access the public network. For details, see AR150&AR160&AR200&AR510&AR1200&AR2200&AR3200 Typical Configuration Examples.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top