Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
61626364656667686970
55
Dest Addr Mask Tunnel Dest Addr Gre Key
# Ping Host A from Host C. View tunnel entries on Firewall B:
[FirewallB] display gre p2mp tunnel-table interface tunnel 0
Dest Addr Mask Tunnel Dest Addr Gre Key
192.168.12.0 255.255.255.0 11.1.1.3
Then, Host A can ping Host C.
The verification process shows that:
{ After the link between Firewall A and Firewall C went down, the tunnel entry aging timer started
to work.
{ After the timer expired, the tunnel entry on Firewall A was removed.
{ After Firewall C sent a packet to Firewall B, a tunnel entry to the branch network was generated
on Firewall B. Packets from the headquarters to the branch network are delivered by Firewall A
to Firewall B through the backup interface, and then Firewall B forwards these packets to the
branch.
Configuration example for backing up a P2MP GRE tunnel at a
branch
Network requirements
As shown in Figure 55, a branch uses two gateways at the egress of the internal network, with Firewall
C for backup. A P2MP GRE tunnel is created on Firewall A, the gateway at the headquarters, allowing
Firewall A to establish two GRE tunnels to the branch network, one for connecting Firewall B and the
other for connecting Firewall C. Firewall A decides which GRE tunnel to use to send packets to the hosts
on the branch network.
To meet the requirements, configure different GRE keys for the GRE tunnels on Firewall B and Firewall C,
so that Firewall A can choose a tunnel according to the GRE key values.
In this example, the GRE tunnel between Firewall A and Firewall B has a higher priority.