F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
33
2. Ping Host A from Host B. The ping operation succeeds.
3. On Firewall A, click Refresh under the tunnel entry list. The P2MP GRE tunnel entry should have
been installed.
Figure 29 Verifying the configuration result
115BConfiguration example for P2MP GRE tunnel backup at the
headquarters
348BNetwork requirements
As shown in 686HFigure 54, the headquarters uses two gateways at the egress of the internal network, with
Firewall B for backup. Two GRE tunnels are created on Firewall C, the gateway at the branch, one for
connecting Firewall A and the other for connecting Firewall B. Normally, packets are forwarded along
the tunnel between Firewall A and Firewall C. When a failure occurs along this path, the tunnel between
Firewall B and Firewall C is used to transmit packets.
To meet the previous requirements, you need to establish a P2MP GRE tunnel with the branch on both
Firewall A and Firewall B, establish a GRE over IPv4 tunnel between Firewall A and Firewall B, and on
Firewall A, configure the tunnel interface of the GRE over IPv4 tunnel as the backup interface of the P2MP
GRE tunnel interface. Thus, when Firewall A cannot find the corresponding tunnel entry for a packet, it
delivers the packet to Firewall B, which then forwards the packet to Firewall C.
To avoid looping, do not configure the tunnel interface of the GRE over IPv4 tunnel as the backup
interface of the P2MP GRE tunnel interface on Firewall B.