Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
51525354555657585960
51
# Configure a static route to the headquarters network with the outgoing interface being Tunnel0.
[RouterB] ip route-static 192.168.11.0 255.255.255.0 tunnel 0
Verifying the configuration
# After the configurations, view the tunnel entry information on Router A. No tunnel entry exists.
[RouterA] display gre p2mp tunnel-table interface tunnel 0
Dest Addr Mask Tunnel Dest Addr Gre Key
# Ping Host A from Host B. The operation succeeds.
# View tunnel entry information on Router A again. As the branch has initiated the establishment
of the tunnel by sending packets to the headquarters, a tunnel entry should be installed, as shown
in the following output information:
[RouterA] display gre p2mp tunnel-table interface tunnel 0
Dest Addr Mask Tunnel Dest Addr Gre Key
192.168.12.0 255.255.255.0 11.1.1.2
Configuration example for P2MP GRE tunnel backup at the
headquarters
Network requirements
As shown in Figure 30, the headquarters uses two gateways at the egress of the internal network, with
Firewall B for backup. Two GRE tunnels are created on Firewall C, the gateway at the branch, one for
connecting Firewall A and the other for connecting Firewall B. Normally, packets are forwarded along
the tunnel between Firewall A and Firewall C. When a failure occurs along this path, the tunnel between
Firewall B and Firewall C is used to transmit packets.
To meet the requirements, establish a P2MP GRE tunnel with the branch on both Firewall A and Firewall
B, establish a GRE over IPv4 tunnel between Firewall A and Firewall B, and on Firewall A configure the
tunnel interface of the GRE over IPv4 tunnel as the backup interface of the P2MP GRE tunnel interface.
Thus, when Firewall A cannot find the corresponding tunnel entry for a packet, it delivers the packet to
Firewall B, which then forwards the packet to Firewall C.
NOTE:
To avoid looping, do not configure the tunnel interface of the GRE over IPv4 tunnel as the backup interface
of the P2MP GRE tunnel interface on Firewall B.