Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
31323334353637383940
24
High reliability. It supports GRE tunnel backup at the headquarters and branches, improving the
network reliability.
The P2MP GRE tunnel technology has the following restrictions:
Both the transport protocol and passenger protocol must be IPv4.
The headquarters node cannot send packets to a branch before the branch sends packets to it. Only
after receiving a packet from the branch, can the headquarters node installs a tunnel entry for the
branch and send packets to the branch.
No tunnel can be established between branch nodes and therefore branch nodes cannot
communicate with each.
Configuring a P2MP GRE tunnel in the web
interface
Configuration prerequisites
On each of the peer devices, configure an IP address for the interface to be used as the source interface
of the tunnel interface (which can be a, for example, VLAN interface, GigabitEthernet interface, or
loopback interface), and make sure that this interface can communicate with the interface used as the
source interface of the tunnel interface on the peer device normally.
Configuration task list
Task Remarks
Configuring a P2MP GRE tunnel
interface
Required
Create a P2MP GRE tunnel interface and configure the related parameters.
Configuring a route for packet
forwarding through the tunnel
Required
Each end of the tunnel must have a route (static or dynamic) for packet
forwarding through the tunnel to the other end, so that GRE encapsulated
packets can be forwarded normally.
When configuring a route through the tunnel, you can configure a static
route, using the address of the network segment that the original packet is
destined for as its destination address and the address of the peer tunnel
interface as its next hop. Or, you can enable a dynamic routing protocol
on both the tunnel interface and the interface connecting the private
network, so that the dynamic routing protocol can establish a routing entry
that instructs the firewall to forward packets through the tunnel.
For information about static and dynamic route configuration, see Network
Management Configuration Guide.
IMPORTANT:
It is not allowed to set up a static route whose destination address is in the
subnet of the tunnel interface.
Displaying information about
established P2MP GRE tunnels
Optional