F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
88
Ste
p
Command
Remarks
5. Configure a source
address or interface for
the tunnel interface.
source { ip-address | interface-type
interface-number }
By default, no source address or
interface is configured for the tunnel.
6. Configure a destination
address for the tunnel
interface.
destination ip-address
By default, no destination address is
configured for the tunnel.
150BConfiguration example
386BNetwork requirements
As shown in 718HFigure 69, the two subnets Group 1 and Group 2 use private IPv4 addresses. Configure an
IPv4 over IPv4 tunnel between Firewall A and Firewall B to make the two subnets reachable to each other.
Figure 69 Network diagram
387BConfiguration procedure
Make sure Firewall A and Firewall B can reach each other through IPv4.
• Configure Firewall A:
# Configure an IPv4 address for GigabitEthernet 0/1.
<FirewallA> system-view
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] ip address 10.1.1.1 255.255.255.0
[FirewallA-GigabitEthernet0/1] quit
# Configure an IPv4 address for GigabitEthernet 0/2 (the physical interface of the tunnel).
[FirewallA] interface gigabitethernet 0/2
[FirewallA-GigabitEthernet0/2] ip address 2.1.1.1 255.255.255.0
[FirewallA-GigabitEthernet0/2] quit
# Create interface Tunnel 1.
[FirewallA] interface tunnel 1
# Configure an IPv4 address for interface Tunnel 1.
[FirewallA-Tunnel1] ip address 10.1.2.1 255.255.255.0
# Configure the tunnel encapsulation mode as IPv4 over IPv4.
[FirewallA-Tunnel1] tunnel-protocol ipv4-ipv4
# Configure the source address for interface Tunnel 1 (IP address of GigabitEthernet 0/2).
[FirewallA-Tunnel1] source 2.1.1.1
GE0/1
10.1.1.1/24
GE0/2
2.1.1.1/24
GE0/1
10.1.3.1/24
Firewall A
IPv4 netwok
IPv4
Group 1
Tunnel1
10.1.2.1/24
GE0/2
3.1.1.1/24
Tunnel2
10.1.2.2/24
IPv4
Group 2
Firewall B
IPv4 over IPv4 tunnel