Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
61626364656667686970
56
Configuration procedure
Configure IP addresses and masks for interfaces as per Figure 43. (Details not shown.)
1. Configure Firewall A:
# Create tunnel interface Tunnel0 and configure an IP address for it.
<FirewallA> system-view
[FirewallA] interface tunnel 0
[FirewallA-Tunnel0] ip address 192.168.22.1 255.255.255.0
# Configure the tunnel encapsulation mode of interface Tunnel0 as P2MP GRE.
[FirewallA-Tunnel0] tunnel-protocol gre p2mp
# Configure the mask of the branch network connected to Tunnel0 as 255.255.255.0.
[FirewallA-Tunnel0] gre p2mp branch-network-mask 255.255.255.0
# Set the tunnel entry aging time to 20 seconds.
[FirewallA-Tunnel0] gre p2mp aging-time 20
# Configure the source IP address of interface Tunnel0.
[FirewallA-Tunnel0] source 11.1.1.1
[FirewallA-Tunnel0] quit
# Configure a static route to the branch network with the outgoing interface being Tunnel0.
[FirewallA] ip route-static 192.168.1.0 255.255.255.0 tunnel 0
2. Configure Firewall B:
# Create tunnel interface Tunnel0 and configure an IP address for it.
<FirewallB> system-view
[FirewallB] interface tunnel 0
[FirewallB-Tunnel0] ip address 192.168.22.2 255.255.255.0
# Configure the tunnel encapsulation mode of interface Tunnel0 as GRE over IPv4.
[FirewallB-Tunnel0] tunnel-protocol gre
# Configure the source and destination IP addresses of interface Tunnel0.
[FirewallB-Tunnel0] source 11.1.1.2
[FirewallB-Tunnel0] destination 11.1.1.1
# Set the GRE key of Tunnel0 to 1.
[FirewallB-Tunnel0] gre key 1
[FirewallB-Tunnel0] quit
# Configure a static route to the headquarters network with the outgoing interface being Tunnel0.
[FirewallB] ip route-static 172.17.17.0 255.255.255.0 tunnel 0
3. Configure Firewall C:
# Create tunnel interface Tunnel0 and configure an IP address for it.
<FirewallC> system-view
[FirewallC] interface tunnel 0
[FirewallC-Tunnel0] ip address 192.168.22.3 255.255.255.0
# Configure the tunnel encapsulation mode of interface Tunnel0 as GRE over IPv4.
[FirewallC-Tunnel0] tunnel-protocol gre
# Configure the source and destination IP addresses of interface Tunnel0.
[FirewallC-Tunnel0] source 11.1.1.3
[FirewallC-Tunnel0] destination 11.1.1.1
# Set the GRE key of Tunnel0 to 2.