Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
41424344454647484950
40
Figure 41 Verifying the configuration result on Firewall A
4. Cut off the tunnel link between Firewall A and Firewall C:
a. On Firewall C, select Device Management > Interface from the navigation tree and then click
the icon of interface Tunnel0.
b. Click the Disable button to shut down interface Tunnel0.
5. After the tunnel aging time (10 seconds in this example) elapses, refresh and view the tunnel entry
information on Firewall A.
There should be no tunnel entry any more.
6. Ping Host A from Host C.
The ping operation succeeds.
7. Refresh and view the P2MP GRE tunnel information on Firewall B again.
You can see that a P2MP GRE tunnel is established on Firewall B.
After the link between Firewall A and Firewall C went down, the tunnel entry aging timer started
to work, and after the timer expired, the tunnel entry on Firewall A was removed.
After Firewall C sent a packet to Firewall B, a tunnel entry to the branch network was generated on
Firewall B, and packets to the branch network were forwarded through Firewall B.
Figure 42 Verifying the configuration result on Device B
Configuration example for P2MP GRE tunnel backup at a
branch
Network requirements
As shown in Figure 55, a branch uses two gateways at the egress of the internal network, with Firewall
C for backup. A P2MP GRE tunnel template is created on Firewall A, the gateway at the headquarters,
allowing Firewall A to establish two GRE tunnels to the branch network, one for connecting Firewall B