Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
61626364656667686970
57
[FirewallB-Tunnel0] tunnel-protocol gre
# Configure the source and destination IP addresses of the tunnel interface Tunnel0.
[FirewallB-Tunnel0] source 11.1.1.2
[FirewallB-Tunnel0] destination 11.1.1.1
# Set the GRE key of the tunnel interface Tunnel0 to 1.
[FirewallB-Tunnel0] gre key 1
[FirewallB-Tunnel0] quit
# Configure a static route to the headquarters network with the outgoing interface being the tunnel
Tunnel0.
[FirewallB] ip route-static 172.17.17.0 255.255.255.0 tunnel 0
4. Configure Firewall C:
# Create a tunnel interface named Tunnel0 and configure an IP address for it.
<FirewallC> system-view
[FirewallC] interface tunnel 0
[FirewallC-Tunnel0] ip address 192.168.22.3 255.255.255.0
# Configure the tunnel encapsulation mode of the tunnel interface Tunnel0 as GRE over IPv4.
[FirewallC-Tunnel0] tunnel-protocol gre
# Configure the source and destination IP addresses of the tunnel interface Tunnel0.
[FirewallC-Tunnel0] source 11.1.1.3
[FirewallC-Tunnel0] destination 11.1.1.1
# Set the GRE key of the tunnel interface Tunnel0 to 2.
[FirewallC-Tunnel0] gre key 2
[FirewallC-Tunnel0] quit
# Configure a static route to the headquarters network with the outgoing interface being the tunnel
interface Tunnel0.
[FirewallC] ip route-static 172.17.17.0 255.255.255.0 tunnel 0
5. Verify the configuration:
# On Host B, specify Firewall C as the default gateway. Ping Host A from Host B. The ping
operation succeeds. View tunnel entries on Firewall A:
[FirewallA] display gre p2mp tunnel-table interface tunnel 0
Dest Addr Mask Tunnel Dest Addr Gre Key
192.168.1.0 255.255.255.0 11.1.1.3 2
# On Host B, specify Firewall B as the default gateway. Ping Host A from Host B. The ping
operation succeeds. View tunnel entries on Firewall A:
[FirewallA] display gre p2mp tunnel-table interface tunnel 0
Dest Addr Mask Tunnel Dest Addr Gre Key
192.168.1.0 255.255.255.0 11.1.1.3 2
192.168.1.0 255.255.255.0 11.1.1.2 1
The output shows that Firewall A has two tunnel entries to the branch network and prefers the
tunnel entry with a smaller GRE key value. Packets are forwarded to hosts on the branch network
through Firewall B first.
# On Firewall B, shut down the tunnel interface Tunnel0 to cut off the tunnel link between Firewall
A and Firewall B.
[FirewallB] interface tunnel 0
[FirewallB-Tunnel0] shutdown