Manualshelf

HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
501502503504505506507508509510
4-325
Configuring a VPN on the HP TMS zl Module
GRE Tunnels
Note The tunnel interface on the TMS zl Module will respond to keepalives from
the remote tunnel gateway even when you do not enable keepalives on that
interface. Therefore, you can set keepalives on one side of the tunnel but not
the other if you want. However, only the side of the tunnel that sends keepal-
ives will use the keepalives to determine the status of the tunnel; the other
side will always consider the tunnel to be up.
Redundant GRE
Redundant GRE is a strategy for minimizing tunnel downtime by using one
GRE tunnel as the primary link between sites and using a second GRE tunnel
as the back-up in case the primary GRE tunnel fails.
Figure 4-238. Redundant GRE
Figure 4-238 shows redundant GRE tunnels between the TMS zl Module at Site
A and the Secure Routers at Site B. The tunnels allow the workstations in
VLAN10 at Site A to access the servers in VLAN8 at Site B. The primary GRE
tunnel has the TMS zl Module’s address in VLAN99 as the local gateway and
one Secure Router's public IP address as the remote gateway. In this example,
the secondary tunnel has the TMS zl Module’s address in VLAN100 as the local
gateway and the other Secure Router's public IP address as the remote
gateway. (It is also possible to create two GRE tunnels that use the same
module IP address as the local gateway.)