Updated on 2025-07-11 GMT+08:00

Step 2: Configuring a Server

Notes and Constraints

  • You can configure a server only when the VPN gateway is in Normal state.
  • A VPN gateway can have only one server associated.

Procedure

  1. Configure a server.
    1. Click the P2C VPN Gateways tab. The P2C VPN gateway list is displayed.
    2. On the P2C VPN Gateways page, locate the target VPN gateway and click Configure Server in the Operation column.
    3. Set parameters as prompted.
      The following table only describes the key server parameters. For more information, see Configuring a Server.
      Table 1 Server parameters

      Area: Basic Information

        Parameter: Local CIDR Block
        Description: Specify the destination CIDR block that clients need to access. You can select a subnet or enter a CIDR block.
        Example Value: 192.168.1.0/24

        Parameter: Client CIDR Block
        Description: Specify the CIDR block for assigning addresses to virtual NICs of clients.
        Example Value: 172.16.0.0/16

      Area: Authentication Information

        Parameter: Server Certificate
        Description: Select either Service self-signed certificate or Existing certificate. Upload the certificate. For details, see Using the CCM to Manage a Server Certificate.
        Example Value: Service self-signed certificate

        Parameter: Client Authentication Mode
        Description:
          • Select Password authentication (local).
            In password authentication mode, the access policy default is automatically generated.
            The automatically generated access policy default applies to all users in the user group default. You can delete the access policy default and create a custom access policy.
          • Select Certificate authentication.
            Click Upload CA Certificate, use a text editor (such as Notepad++) to open the CA certificate file in PEM format, and copy the certificate content to the Content text box in the Upload CA Certificate dialog box.
            After clicking OK, you can manage users and configure access policies.
        Example Value: Password authentication (local)

      Area: Advanced Settings

        Parameter: Protocol
        Description: Currently, only TCP is supported.
        Example Value: TCP

        Parameter: Port
        Description: The options include 443 and 1149.
        Example Value: 443

        Parameter: Encryption Algorithm
        Description: The options include AES-128-GCM and AES-256-GCM.
        Example Value: AES-128-GCM

        Parameter: Authentication Algorithm
        Description: The options include SHA256 and SHA384.
        Example Value: SHA256

        Parameter: Domain Name Access
        Description: Specify whether to enable domain name access. By default, this function is disabled.
          • Enabling domain name access
            Configure a valid DNS server address, which must meet the following requirements:
            • Not 0.0.0.0
            • Non-loopback address. The loopback address range is 127.0.0.0 to 127.255.255.255.
            • Non-multicast address. The multicast address range is 224.0.0.0 to 239.255.255.255.
            • Address not starting or ending with 0
            • Non-duplicate DNS server address
            • Not 255.255.255.255
          • Disabling domain name access
          By default, domain name access is disabled.
        Example Value: Disabled

    4. Click OK.
  2. Create a user.
    1. Click the User Management tab. On the Users tab page, click Create User.
    2. Set parameters as prompted.
      The following table only describes the key parameters. For other parameters, use their default settings.
      Table 2 Key parameters for creating a user

        Parameter: Name
        Description: The value can contain a maximum of 64 characters, including letters, digits, periods (.), underscores (_), and hyphens (-).
          NOTE:
          Do not use the following usernames that are reserved in the system:
          • L3SW_ (prefix)
          • link
          • Cascade
          • SecureNAT
          • localbridge
          • administrator (case-insensitive)
        Example Value: Test_01

        Parameter: Password
        Description:
          • The value contains 8 to 32 characters.
          • The value must contain at least two types of the following characters: uppercase letters, lowercase letters, digits, and special characters including `~!@#$%^&*()-_=+\|[{}];:'",<.>/? and spaces.
          • The password cannot be the username or the reverse of the username.
        Example Value: Set this parameter based on the site requirements.

        Parameter: Confirm Password
        Description: Reenter the password.
        Example Value: Set this parameter based on the site requirements.

        Parameter: User Group
        Description: Select the user group to which the user belongs.
        Example Value: default

        Parameter: Specify Client IP Address
        Description: Toggle off this option.
        Example Value: Disabled

    3. Click OK.
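
The Name and Password rules in Table 2 can be checked offline before a batch of users is entered in the console. The following is an added example, not code from the original page or from the VPN service; the function names, the ASCII-only reading of "letters", the one-character minimum for names, and the rejection of characters outside the four listed types are assumptions.

```python
import re
import string

# Rules transcribed from Table 2. All names here are hypothetical helpers.
# Assumptions: letters are ASCII, and a name has at least one character.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")
RESERVED_EXACT = {"link", "Cascade", "SecureNAT", "localbridge"}
CLASSES = [
    set(string.ascii_uppercase),
    set(string.ascii_lowercase),
    set(string.digits),
    set("`~!@#$%^&*()-_=+\\|[{}];:'\",<.>/? "),  # listed specials plus space
]


def check_username(name):
    """Return the rule violations for a username (empty list = acceptable)."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name must be 1-64 letters, digits, '.', '_' or '-'")
    # Assumption: only "administrator" is compared case-insensitively, since
    # the page marks that entry alone; the others are matched as listed.
    if (name.startswith("L3SW_") or name in RESERVED_EXACT
            or name.lower() == "administrator"):
        problems.append("name is reserved by the system")
    return problems


def check_password(password, username):
    """Return the rule violations for a password (empty list = acceptable)."""
    problems = []
    if not 8 <= len(password) <= 32:
        problems.append("password must contain 8 to 32 characters")
    if sum(any(ch in cls for ch in password) for cls in CLASSES) < 2:
        problems.append("password must mix at least two character types")
    # Assumption: characters outside the four listed types are not accepted.
    if any(all(ch not in cls for cls in CLASSES) for ch in password):
        problems.append("password contains a character outside the listed types")
    if password in (username, username[::-1]):
        problems.append("password cannot be the username or its reverse")
    return problems


if __name__ == "__main__":
    # Constructed sample rows, e.g. from a bulk-onboarding sheet.
    for name, pw in [("Test_01", "Vpn-Access2025"), ("Administrator", "abcdefgh")]:
        print(name, check_username(name) + check_password(pw, name))
```

These checks cover only the rules listed in Table 2; the console remains the authority on what it accepts.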