Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
61626364656667686970
58
365BConfiguration procedure
1. Configure IP addresses and masks for interfaces according to 694HFigure 55. (Details not shown.)
2. Configure Firewall A:
# Create a tunnel interface named Tunnel0 and configure an IP address for it.
<FirewallA> system-view
[FirewallA] interface tunnel 0
[FirewallA-Tunnel0] ip address 192.168.22.1 255.255.255.0
# Configure the tunnel encapsulation mode of the tunnel interface Tunnel0 as P2MP GRE.
[FirewallA-Tunnel0] tunnel-protocol gre p2mp
# Configure the mask of the branch network connected to the tunnel interface Tunnel0 as
255.255.255.0.
[FirewallA-Tunnel0] gre p2mp branch-network-mask 255.255.255.0
# Set the tunnel entry aging time to 20 seconds.
[FirewallA-Tunnel0] gre p2mp aging-time 20
# Configure the source IP address of the tunnel interface Tunnel0.
[FirewallA-Tunnel0] source 11.1.1.1
[FirewallA-Tunnel0] quit
# Configure a static route to the branch network with the outgoing interface being the tunnel
interface Tunnel0.
[FirewallA] ip route-static 192.168.1.0 255.255.255.0 tunnel 0
3. Configure Firewall B:
# Create a tunnel interface named Tunnel0 and configure an IP address for it.
<FirewallB> system-view
[FirewallB] interface tunnel 0
[FirewallB-Tunnel0] ip address 192.168.22.2 255.255.255.0
# Configure the tunnel encapsulation mode of the tunnel interface Tunnel0 as GRE over IPv4.
[FirewallB-Tunnel0] tunnel-protocol gre
# Configure the source and destination IP addresses of the tunnel interface Tunnel0.
[FirewallB-Tunnel0] source 11.1.1.2
[FirewallB-Tunnel0] destination 11.1.1.1
# Set the GRE key of the tunnel interface Tunnel0 to 1.
[FirewallB-Tunnel0] gre key 1
[FirewallB-Tunnel0] quit
# Configure a static route to the headquarters network with the outgoing interface being the tunnel
Tunnel0.
[FirewallB] ip route-static 172.17.17.0 255.255.255.0 tunnel 0
4. Configure Firewall C:
# Create a tunnel interface named Tunnel0 and configure an IP address for it.
<FirewallC> system-view
[FirewallC] interface tunnel 0
[FirewallC-Tunnel0] ip address 192.168.22.3 255.255.255.0
# Configure the tunnel encapsulation mode of the tunnel interface Tunnel0 as GRE over IPv4.
[FirewallC-Tunnel0] tunnel-protocol gre
# Configure the source and destination IP addresses of the tunnel interface Tunnel0.