F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

• Tunnel interfaces using the same encapsulation protocol must have different source addresses and

destination addresses.

• If you configure a source interface for a tunnel interface, the tunnel interface takes the primary IP

address of the source interface as its source address.

• You can enable or disable the checksum function at both ends of a tunnel.

{ If checksum is enabled at the local end but not at the remote end, the local end calculates the

checksum of a packet to be sent but does not check the checksum of a received packet.

{ If checksum is enabled at the remote end but not at the local end, the local end checks the

checksum of a received packet but does not calculate the checksum of a packet to be sent.

• You can use the following methods to configure a route to a destination over the GRE tunnel:

{ Configure a static route, using the destination address of the original packet as the destination

address of the route and the address of the peer tunnel interface as the next hop.

{ Enable a dynamic routing protocol on both the tunnel interface and the interface connecting

the private network, so the dynamic routing protocol can establish a routing entry with the

tunnel interface as the outgoing interface.

• The IP address of the tunnel interface and the tunnel destination address configured on the tunnel

interface must be in different subnets.

333BConfiguration prerequisites

Configure an IP address for the interface (such as a VLAN interface, an Ethernet interface, or a Loopback

interface) to be used as the source interface of the tunnel interface.

334BConfiguration procedure

To configure a GRE over IPv4 tunnel:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a tunnel interface and

enter tunnel interface view.

interface tunnel interface-number

By default, a device has no tunnel

interface.

3. Configure an IPv4 address for

the tunnel interface.

ip address ip-address { mask |

mask-length }

By default, a tunnel interface has

no IPv4 address.

4. Set the tunnel mode to GRE

over IPv4.

tunnel-protocol gre

Optional.

The default tunnel mode is GRE

over IPv4.

You must configure the same tunnel

mode on both ends of a tunnel.

Otherwise, packet delivery will

fail.

5. Configure the source address

or interface for the tunnel

interface.

source { ip-address | interface-type

interface-number }

By default, no source address or

interface is configured for a tunnel

interface.

6. Configure the destination

address for the tunnel

interface.

destination ip-address

By default, no destination address

is configured for a tunnel interface.