Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
27
Item Descri
tion
Branch Network Mask
Configure the mask of the private network addresses of the branch to be used in
tunnel entries.
After you configure a mask, a device at the headquarters will establish only one
tunnel entry for all private IP addresses that belong to the same network segment.
This is to reduce the number of tunnel entries on the device. On a branch network,
you can simulate a traffic flow destined for the headquarters to trigger the
headquarters device to create a tunnel entry for the entire branch network.
By default, the mask of branch network addresses is 255.255.255.255.
Modifying the mask will delete all tunnel entries created on the device.
Before configuring a mask, make sure all the branch networks of the enterprise
have the same mask length. For a branch device with a different mask length, you
can configure NAT to implement the mask length consistency.
Aging Time
Configure the aging time for P2MP GRE tunnel entries.
The creation of a tunnel entry for a branch network is triggered by the traffic from
the branch network. If the device at the headquarters does not receive traffic from
the branch network within the aging time, the device will age out the tunnel entry.
Enable Interface Backup
Select whether to enable the interface backup function, and if yes, specify the
backup tunnel interface.
The backup tunnel interface must be an existing GRE over IPv4 tunnel interface.
Backup Interface
GRE Packet Checksum
Enable or disable the GRE packet checksum function. With this function enabled,
the tunnel interface will verify the validity of packets and discard those invalid.
You can enable or disable the checksum function at both ends of the tunnel as
needed. If you enable the checksum at the local end but not at the remote end, the
local end calculates the checksum of a packet to be sent but does not check the
checksum of a received packet. In contrast, if you enable the checksum function at
the remote end but not at the local end, the local end checks the checksum of a
received packet, but does not calculate the checksum of a packet to be sent.
Displaying information about established P2MP GRE tunnels
1. Select VPN > GRE > P2MP from the navigation tree.
2. Click the Tunnel List tab to view the P2MP GRE tunnel list.
Figure 23 Tunnel list