R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

end. If you configure dynamic routing at both ends, enable the dynamic routing protocol on both tunnel interfaces. For the detailed configuration, see Network Management Configuration Guide.

The IPv4 address of the local tunnel interface cannot be on the same subnet as the destination address of the tunnel.

The destination address of a route with a tunnel interface as the egress interface must not be on the same subnet as the destination address of the tunnel.

Two or more tunnel interfaces using the same encapsulation protocol must have different source and destination addresses.

If you specify a source interface instead of a source address for the tunnel, the source address of the tunnel is the primary IP address of the source interface.

Configuration procedure
To configure an IPv4 over IPv4 tunnel:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter tunnel interface view.
    Command: interface tunnel number
    Remarks: N/A

Step 3. Configure an IPv4 address for the tunnel interface.
    Command: ip address ip-address { mask | mask-length } [ sub ]
    Remarks: By default, no IPv4 address is configured for the tunnel interface.

Step 4. Specify the IPv4 over IPv4 tunnel mode.
    Command: tunnel-protocol ipv4-ipv4
    Remarks: Optional. By default, the tunnel mode is GRE over IPv4. The same tunnel mode should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.

Step 5. Configure a source address or interface for the tunnel interface.
    Command: source { ip-address | interface-type interface-number }
    Remarks: By default, no source address or interface is configured for the tunnel.

Step 6. Configure a destination address for the tunnel interface.
    Command: destination ip-address
    Remarks: By default, no destination address is configured for the tunnel.

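
The addressing restrictions and the mode requirement above can be checked before the commands are entered. The following pre-deployment check is an added example, not part of the HP guide: the dictionary layout, the function names and the sample addresses are assumptions, and "same subnet" is interpreted using the tunnel interface mask and the route prefix.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: tunnel settings as they would be entered with the
# ip address / tunnel-protocol / source / destination commands above.
# "routes" lists destinations whose egress interface is this tunnel.
SAMPLE_TUNNELS = [
    {"name": "Tunnel1", "mode": "ipv4-ipv4", "ip": "10.1.2.1/24",
     "source": "192.0.2.1", "destination": "198.51.100.1",
     "routes": ["10.1.3.0/24"]},
    {"name": "Tunnel2", "mode": "ipv4-ipv4", "ip": "198.51.100.5/24",
     "source": "192.0.2.1", "destination": "198.51.100.1",
     "routes": ["198.51.100.0/24"]},
]

def check_tunnels(tunnels):
    """Return a list of restriction violations for one device's tunnels."""
    problems = []
    for t in tunnels:
        dst = ipaddress.ip_address(t["destination"])
        local = ipaddress.ip_interface(t["ip"])
        # Tunnel interface address must not share a subnet with the destination.
        if dst in local.network:
            problems.append(f"{t['name']}: interface address {local} is on "
                            f"the same subnet as tunnel destination {dst}")
        # Routes through the tunnel must not cover the tunnel destination.
        for r in t.get("routes", []):
            if dst in ipaddress.ip_network(r):
                problems.append(f"{t['name']}: route {r} covers tunnel "
                                f"destination {dst}")
    # Tunnels with the same encapsulation need distinct source/destination
    # (assumption: the pair, not each address alone, must differ).
    for a, b in combinations(tunnels, 2):
        same_endpoints = (a["source"], a["destination"]) == \
                         (b["source"], b["destination"])
        if a["mode"] == b["mode"] and same_endpoints:
            problems.append(f"{a['name']} and {b['name']}: same mode "
                            f"{a['mode']} with identical source/destination")
    return problems

def check_peer_modes(local_mode, peer_mode):
    """Both ends must use the same tunnel mode or packet delivery fails."""
    return local_mode == peer_mode

if __name__ == "__main__":
    for line in check_tunnels(SAMPLE_TUNNELS):
        print("VIOLATION:", line)
```
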
Configuration example
NOTE:
In this configuration example, either Router A or Router B is the firewall.
Network requirements
As shown in Figure 76, the two subnets Group 1 and Group 2 use private IPv4 addresses. Configure an
IPv4 over IPv4 tunnel between Router A and Router B to make the two subnets reachable to each other.