Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
50
[FirewallA–GigabitEthernet0/1] ip address 11.1.1.1 255.255.255.0
[FirewallA–GigabitEthernet0/1] quit
# Configure an IP address for interface GigabitEthernet 0/2.
[FirewallA] interface gigabitethernet 0/2
[FirewallA–GigabitEthernet0/2] ip address 192.168.11.1 255.255.255.0
[FirewallA–GigabitEthernet0/2] quit
# Create a tunnel interface named Tunnel0 and configure an IP address for it.
[FirewallA] interface tunnel 0
[FirewallA-Tunnel0] ip address 192.168.22.1 255.255.255.0
# Configure the tunnel encapsulation mode as P2MP GRE.
[FirewallA-Tunnel0] tunnel-protocol gre p2mp
# Configure the mask of the branch network as 255.255.255.0.
[FirewallA-Tunnel0] gre p2mp branch-network-mask 255.255.255.0
# Set the tunnel entry aging time to 20 seconds.
[FirewallA-Tunnel0] gre p2mp aging-time 20
# Configure the source IP address of the tunnel interface Tunnel0.
[FirewallA-Tunnel0] source 11.1.1.1
[FirewallA-Tunnel0] quit
# Configure a static route to the branch network with the outgoing interface being the tunnel
interface Tunnel0.
[FirewallA] ip route-static 192.168.12.0 255.255.255.0 tunnel 0
2. Configure Firewall B:
# Configure an IP address for interface GigabitEthernet 0/1.
<FirewallB> system-view
[FirewallB] interface gigabitethernet 0/1
[FirewallB–GigabitEthernet0/1] ip address 11.1.1.2 255.255.255.0
[FirewallB–GigabitEthernet0/1] quit
# Configure an IP address for interface GigabitEthernet 0/2.
[FirewallB] interface gigabitethernet 0/2
[FirewallB–GigabitEthernet0/2] ip address 192.168.12.1 255.255.255.0
[FirewallB–GigabitEthernet0/2] quit
# Create a tunnel interface named Tunnel0 and configure an IP address for it.
[FirewallB] interface tunnel 0
[FirewallB-Tunnel0] ip address 192.168.22.2 255.255.255.0
# Configure the tunnel encapsulation mode as GRE over IPv4.
[FirewallB-Tunnel0] tunnel-protocol gre
# Configure the source IP address of the tunnel interface Tunnel0.
[FirewallB-Tunnel0] source 11.1.1.2
# Configure the destination IP address of the tunnel interface Tunnel0.
[FirewallB-Tunnel0] destination 11.1.1.1
[FirewallB-Tunnel0] quit
# Configure a static route to the headquarters network with the outgoing interface being the tunnel
interface Tunnel0.
[FirewallB] ip route-static 192.168.11.0 255.255.255.0 tunnel 0
3. Verify the configuration: