Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
51525354555657585960
48
Ste
p
Command
Remarks
2. Create a tunnel
interface and enter
tunnel interface view.
interface tunnel interface-number
By default, no tunnel interface is created
on the firewall.
3. Configure an IPv4
address for the tunnel
interface.
ip address ip-address { mask |
mask-length }
By default, a tunnel interface has no IPv4
address.
4. Set the tunnel mode to
P2MP GRE.
tunnel-protocol gre p2mp
The default tunnel mode is GRE over
IPv4.
In P2MP GRE tunnel mode, both the
transport protocol and passenger
protocol are IPv4.
You must configure the tunnel mode as
GRE over IPv4 on the tunnel peers.
5. Configure the source
address or interface for
the tunnel interface.
source { ip-address | interface-type
interface-number }
By default, no source address or
interface is configured for a tunnel
interface.
On each branch node, you need to
configure the tunnel destination address
as this source address.
6. Enable the GRE packet
checksum function.
gre checksum
Optional.
Disabled by default.
For more information about the GRE
packet checksum function, see
"Configuring GRE."
7. Configure a route for
packet forwarding
through the tunnel.
See Network Management
Configuration Guide
Each end of the tunnel must have a route
(static or dynamic) through the tunnel to
the other end.
8. Configure the aging
time for the tunnel
entries.
gre p2mp aging-time aging-time
Optional.
5 seconds by default.
9. Specify the backup
interface.
gre p2mp backup-interface tunnel
number
Optional.
By default, no backup interface is
specified. .
The backup interface must be an existing
tunnel interface that works in GRE over
IPv4 mode.
10. Configure the mask or
mask length of the
private network
addresses of the
branch.
gre p2mp branch-network-mask
{ mask | mask-length }
Optional.
By default, the mask of the private
network address of a branch is
255.255.255.255, that is, the default
mask length is 32.
NOTE:
For more information about tunnel interfaces and related configurations, see "Configuring tunneling."