HP VPN Firewall Appliances VPN Configuration Guide
85
• The destination address of the route passing the tunnel interface must not be on the same subnet as
the destination address configured on the tunnel interface.
• Two or more local tunnel interfaces using the same encapsulation protocol must have different
source and destination addresses.
• If you specify a source interface instead of a source address for a tunnel interface, the source
address of the tunnel is the primary IP address of the source interface.
Configuration procedure
To configure an IPv4 over IPv4 tunnel:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter tunnel interface
view.
interface tunnel number N/A
3. Configure an IPv4
address for the tunnel
interface.
ip address ip-address { mask |
mask-length } [ sub ]
By default, no IPv4 address is
configured for the tunnel interface.
4. Specify the IPv4 over
IPv4 tunnel mode.
tunnel-protocol ipv4-ipv4
The default tunnel mode is GRE over
IPv4 mode. The same tunnel mode
should be configured at both ends of the
tunnel. Otherwise, packet delivery fails.
5. Configure a source
address or interface for
the tunnel interface.
source { ip-address | interface-type
interface-number }
By default, no source address or
interface is configured for the tunnel.
6. Configure a destination
address for the tunnel
interface.
destination ip-address
By default, no destination address is
configured for the tunnel.
Configuration example
Network requirements
As shown in Figure 69, the two subnets Group 1 and Group 2 use private IPv4 addresses. Configure an
IPv4 over IPv4 tunnel between Firewall A and Firewall B to make the two subnets reachable to each other.
Figure 69 Network diagram
Configuration procedure
Make sure Firewall A and Firewall B can reach each other through IPv4.
GE0/1
10.1.1.1/24
GE0/2
2.1.1.1/24
GE0/1
10.1.3.1/24
Firewall A
IPv4 netwok
IPv4
Group 1
Tunnel1
10.1.2.1/24
GE0/2
3.1.1.1/24
Tunnel2
10.1.2.2/24
IPv4
Group 2
Firewall B
IPv4 over IPv4 tunnel