HP VPN Firewall Appliances VPN Configuration Guide
52
Figure 54 Network diagram
Device Interface IP Address
Device
Interface
IP Address
Firewall A GE0/1 11.1.1.1/24 Firewall B GE0/1 11.1.1.2/24
GE0/2 10.1.1.1
/
24
GE0/2
10.1.1.2
/
24
GE0/3 192.168.11.1/24
GE0/3
192.168.11.2
/
24
Tunnel0 172.168.1.1/24 Tunnel0 172.168.2.2/24
Tunnel1 192.168.22.1/24
Tunnel1
192.168.22.2/24
Firewall C GE0/1 11.1.1.3
/
24
Firewall C
Tunnel0
172.168.1.3/24
GE0/2 192.168.12.1/24 Tunnel1 172.168.2.3/24
Configuration procedure
1. Configure IP addresses and masks for interfaces according to Figure 54. (Details not shown.)
2. Configure Firewall A:
# Create a tunnel interface Tunnel1 and configure an IP address for it.
<FirewallA> system-view
[FirewallA] interface tunnel 1
[FirewallA-Tunnel1] ip address 192.168.22.1 255.255.255.0
# Configure the tunnel encapsulation mode of the tunnel interface Tunnel1 as GRE over IPv4.
[FirewallA-Tunnel1] tunnel-protocol gre
# Configure the source and destination IP addresses of the tunnel interface Tunnel1.
[FirewallA-Tunnel1] source 10.1.1.1
[FirewallA-Tunnel1] destination 10.1.1.2
[FirewallA-Tunnel1] quit
# Create a tunnel interface named Tunnel0 and configure an IP address for it.
[FirewallA] interface tunnel 0
[FirewallA-Tunnel0] ip address 172.168.1.1 255.255.255.0
# Configure the tunnel encapsulation mode of the tunnel interface Tunnel0 as P2MP GRE.
[FirewallA-Tunnel0] tunnel-protocol gre p2mp
# Configure the mask of the branch network connected to the tunnel interface Tunnel0 as
255.255.255.0.
[FirewallA-Tunnel0] gre p2mp branch-network-mask 255.255.255.0
GE0/2
GE0/1
GE0/1
Firewall A
Firewall B
(Backup gateway)
IPv4 network
Firewall C
GE0/2
GE0/3
GE0/3
GE0/1 GE0/2
Tunnel0
Tunnel0
Tunnel0
Tunnel1
Tunnel1
Tunnel1
Host A
Host B
Host C
GRE P2MP tunnel
GRE over IPv4 tunnel
Headquarters
Branch