HP VPN Firewall Appliances VPN Configuration Guide

# Display the tunnel entry information on Firewall A. The output shows that no tunnel entry exists.
[FirewallA] display gre p2mp tunnel-table interface tunnel 0
Dest Addr        Mask             Tunnel Dest Addr  Gre Key
# Ping Host A from Host B. The operation succeeds.
# Display the tunnel entry information on Firewall A again. Because the branch has initiated tunnel
establishment by sending packets to the headquarters, a tunnel entry has been installed, as the
following output shows:
[FirewallA] display gre p2mp tunnel-table interface tunnel 0
Dest Addr        Mask             Tunnel Dest Addr  Gre Key
192.168.12.0     255.255.255.0    11.1.1.2
Configuration example for backing up a P2MP GRE tunnel at the headquarters
Network requirements
As shown in Figure 54, the headquarters uses two gateways at the egress of the internal network, with
Firewall B for backup. Two GRE tunnels are created on Firewall C (the gateway at the branch): one for
connecting Firewall A and the other for connecting Firewall B. Packets are forwarded along the tunnel
between Firewall A and Firewall C. When a failure occurs along this path, the tunnel between Firewall
B and Firewall C is used to transmit packets.
To meet the requirements:
Establish a P2MP GRE tunnel with the branch on both Firewall A and Firewall B.
Establish a GRE over IPv4 tunnel between Firewall A and Firewall B.
On Firewall A, configure the tunnel interface of the GRE over IPv4 tunnel as the backup interface of
the P2MP GRE tunnel interface.
With this configuration, when Firewall A cannot find the corresponding tunnel entry for a packet, it
delivers the packet to Firewall B, which then forwards the packet to Firewall C.
NOTE:
To avoid looping, do not configure the tunnel interface of the GRE over IPv4 tunnel as the backup
interface of the P2MP GRE tunnel interface on Firewall B.
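
The backup forwarding described above, and the loop the NOTE warns about, as an added Python model that is not part of the HP guide or the device software. The names Gateway, build and forward, the host 192.168.12.10 and the tunnel destination 203.0.113.2 are constructed for illustration; discarding a packet that has neither a tunnel entry nor a backup interface is an assumption of the model.

```python
import ipaddress

class Gateway:
    """Simplified model of a headquarters gateway with a P2MP GRE tunnel interface."""
    def __init__(self, name):
        self.name = name
        self.tunnel_table = {}  # branch network -> tunnel destination address
        self.backup = None      # peer behind the GRE over IPv4 backup interface

    def learn(self, network, tunnel_dest):
        """Install a tunnel entry, as happens when the branch sends traffic first."""
        self.tunnel_table[ipaddress.ip_network(network)] = tunnel_dest

    def lookup(self, dst):
        """Return the tunnel destination for dst (longest match), or None."""
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.tunnel_table if addr in net]
        return self.tunnel_table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def build(b_backs_up_to_a):
    """Firewall A always backs up to B; the flag adds the setting the NOTE forbids."""
    a, b = Gateway("FirewallA"), Gateway("FirewallB")
    a.backup = b
    if b_backs_up_to_a:
        b.backup = a
    return a, b

def forward(gateway, dst, max_hops=4):
    """Follow one packet; return (gateways visited, outcome)."""
    path = []
    for _ in range(max_hops):
        path.append(gateway.name)
        tunnel_dest = gateway.lookup(dst)
        if tunnel_dest is not None:
            return path, "delivered via " + tunnel_dest
        if gateway.backup is None:
            return path, "dropped"  # assumption: no entry and no backup means discard
        gateway = gateway.backup
    return path, "loop"

if __name__ == "__main__":
    HOST = "192.168.12.10"  # constructed host in the branch network
    a, b = build(False)
    b.learn("192.168.12.0/24", "203.0.113.2")  # constructed tunnel destination
    print(forward(a, HOST))  # Firewall A has no entry, Firewall B does
    a, b = build(False)
    print(forward(a, HOST))  # neither gateway has an entry
    a, b = build(True)
    print(forward(a, HOST))  # neither has an entry and B also backs up to A
```

The third case is the one to avoid: a packet for a branch network that neither gateway has learned circulates between Firewall A and Firewall B instead of being discarded.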