3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
GRE Configuration 135
the sender and the receiver. The verification will fail if different identification keys
are used, and the packet will be discarded.
Perform the following configuration in Tunnel interface view.
The key-number parameter is an integer in the range 0 to 4294967295.
By default, Tunnel does not use KEY.
Configuring Routing via
Tunnel
Tunnel route, either static or dynamic, must exist on both the source and
destination ends, so that GRE packets can be forwarded properly.
Configuring static routing
You may manually configure a route to the destination address, which is the
destination address of the packet without GRE encapsulation rather than the
destination address of the Tunnel, with the next hop being the address of the
remote Tunnel interface address. This configuration is required at both ends of the
Tunnel. For details about this configuration, refer to the Routing Protocol module
of this manual. For detailed descriptions on the configuration commands, refer to
the Command Manual accompanying this manual.
Configuring dynamic routing
If dynamic routing protocol is running on the security gateway, you may simply
enable this protocol on both the Tunnel interface and the interface of the security
gateway directly connected to the private network. This configuration is required
on both ends of the Tunnel. For details about this configuration, refer to the
Routing Protocol module of this manual. For detailed descriptions on the
configuration commands, refer to the Command Manual accompanying this
manual.
Configuring the
Keepalive Function
Perform the following configuration in Tunnel interface view.
By default, the keepalive function of GRE is disabled; the seconds argument is set
to 10 and times to 3.
After the GRE keepalive function is enabled, the IPsec module will send GRE
keepalive packets to the Tunnel interface periodically. If the remote end does not
respond within the timeout time, the local end IPsec module will send keepalive
packets again. If the remote end still does not respond after the maximum retries,
the protocol state of the local Tunnel interface will become down.
Tab le 124 Set identification key of the Tunnel interface
Operation Command
Set identification key of the Tunnel interface gre key key-number
Cancel the identification key of Tunnel interface undo gre key
Tab le 125 Configure the keepalive function
Operation Command
Enable the keepalive function of GRE keepalive [ seconds ] [ times ]
Disable the keepalive function of GRE undo keepalive [ seconds ] [ times ]