Manualshelf

R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
6
Table 2 GRE tunnel configuration items
Item Descri
p
tion
Tunnel Interface Specify the number of the tunnel interface.
IP/Mask
Specify the IP address and subnet mask of the tunnel interface.
IMPORTANT:
When configuring a static route on the tunnel interface, make sure that the destination
IP address of the static route is not in the subnet of the tunnel interface.
Zone Specify the security zone to which the tunnel interface belongs.
Tunnel Source
IP/Interface
Specify the source IP address and destination IP address for the tunnel interface.
For the tunnel source address, you can input an IP address or select an interface. In
the latter case, the primary IP address of the interface will be used as the tunnel
source address.
IMPORTANT:
The source address and destination address of a tunnel uniquely identify a path. They
must be configured at both ends of the tunnel and the source address at one end must
be the destination address at the other end and vice versa.
Tunnel Destination IP
GRE Key
Specify the key for the GRE tunnel interface. This configuration is to prevent the
tunnel ends from servicing or receiving packets from other places.
IMPORTANT:
The two ends of a tunnel must have the same key or have no key at the same time.
GRE Packet Checksum Enable or disable the GRE packet checksum function.
Keepalive
Enable or disable the GRE keepalive function.
With the GRE keepalive function enabled on a tunnel interface, the firewall sends
GRE keepalive packets from the tunnel interface periodically. If no response is
received from the peer within the specified interval, the firewall retransmits the
keepalive packet. If the firewall still receives no response from the peer after
sending the keepalive packet for the maximum number of attempts, the local tunnel
interface goes down and stays down until it receives a keepalive acknowledgement
packet from the peer.
Keepalive Interval
Specify the interval between sending the keepalive packets and the maximum
number of transmission attempts.
The two configuration items are available when you select Enable for the GRE
keepalive function.
Number of Retries
Return to GRE over IPv4 tunnel configuration task list.
GRE over IPv4 tunnel configuration example
Network requirements
As shown in Figure 10, Firewall A and Firewall B are interconnected through the Internet. Two private IP
subnets Group 1 and Group 2 are interconnected through a GRE tunnel between Firewall A and Firewall
B.