R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

To do… Use the command…

Remarks

Enable the GRE packet checksum

function

gre checksum

Optional

Disabled by default

Configure the key for the GRE

tunnel interface

gre key key-number

Optional

By default, no key is configured for

a GRE tunnel interface.

The two ends of a tunnel must have

the same key or have no key at the

same time.

Configure a route for packet

forwarding through the tunnel

For IP routing configuration, see

Network Management

Configuration Guide.

Optional

Each end of the tunnel must have a

route (static or dynamic) through

the tunnel to the other end.

Displaying and maintaining GRE

To do… Use the command…

Remarks

Display information about a

specified or all tunnel interfaces

display interface tunnel [ number ]

Available in any view

GRE over IPv4 tunnel configuration example

Network requirements

Firewalls Firewall A and Firewall B are interconnected through the Internet. Two private IPv4 subnets

Group 1 and Group 2 are interconnected through a GRE tunnel between the two firewalls.

Figure 11 Network diagram for a GRE over IPv4 tunnel

Configuration procedure

NOTE:

Before the configuration, make sure that Firewall A and Firewall B can reach each other.

1. Configure Firewall A

# Configure an IPv4 address for interface GigabitEthernet 0/1.

<FirewallA> system-view

[FirewallA] interface gigabitEthernet 0/1

[FirewallA-GigabitEthernet0/1] ip address 10.1.1.1 255.255.255.0

[FirewallA-GigabitEthernet0/1] quit

# Configure an IPv4 address for interface GigabitEthernet 0/0, the physical interface of the tunnel.

IPv4

Group 2

IPv4

Group 1

GE0/1

10 .1 .1.1/24

GE0/1

10.1.3.1/24

Tunnel 0

10.1.2.1/24

GE0/0

1.1.1.1/24

GE0/0

2.2.2.2/24

IPv 4 network

GRE tunnel

Tunnel 0

10 .1.2.2/24

Firewall A

Firewall B