TMS zl Management and Configuration Guide ST.1.1.100430

7-209

Virtual Private Networks

Configure a GRE over IPsec VPN with IKE

d. For Service, accept the default, Any Service.

This is the most basic configuration. You could also permit only

certain types of traffic.

e. For Source, specify the IP addresses of remote endpoints that are

allowed to send traffic on the tunnel.

f. For Destination, specify the appropriate multicast address.

If you have selected a specific service, you can also leave Any Address

if you choose.

g. Click Apply.

3. If you enabled a dynamic routing protocol (RIP or OSPF) on the tunnel,

ensure that access policies permit this traffic between SELF and the

tunnel zone. (This is the default setting.)

4. In the Add Policy window, click Close.

5. Click Save.

Configure a GRE over IPsec VPN with

IKE

You must complete these tasks to configure GRE over IPsec with IKE:

1. Optionally, create named objects, which you can use in VPN and firewall

access policies related to the GRE tunnel.

Using named objects is best practice; however, you can specify IP

addresses manually. See “Create Named Objects (Optional)” on page

7-210.

2. Create a GRE tunnel for the traffic that you want to secure with GRE over

IPsec.

See “Create a GRE Tunnel” on page 7-211.

3. Verify that there is a route to the remote tunnel gateway.

See “Verify that a Route to the Remote Tunnel Gateway Exists” on page

7-215.

4. Create routes through the GRE tunnel interface.

See “Configure Routes that Use the GRE Tunnel Interface” on page 7-216.