TMS zl Management and Configuration Guide ST.1.1.100430
Virtual Private Networks
GRE Examples
13. Permit multicast OSPF messages that arrive from the remote tunnel endpoint:
    a. For Action, accept the default, Permit Traffic.
    b. For From, select Zone4.
    c. For To, select SELF.
    d. For Service, specify (89) OSPFIGP.
    e. For Source, specify the module IP address on the tunnel interface: 10.8.8.1.
    f. For Destination, leave the default, Any Address.
    g. Click Apply.
14. Click Close.
15. Click Save.
Redundant GRE Tunnels
This section provides step-by-step instructions for configuring redundant
GRE tunnels between two Threat Management Services (TMS) zl Modules.
In this example, ProCurve University is creating a GRE tunnel between two
remote buildings connected within a WAN. To secure the sensitive data, the
GRE tunnel will run within IPsec. In addition, administrators want to ensure
the availability of the tunnel, so you will configure two GRE tunnels. Each
tunnel uses a different connection between the local and the remote site. One
of these connections is a backup connection, which is intended to be used
only when necessary. Therefore, the GRE tunnel that uses the main connection
acts as the primary tunnel; the GRE tunnel on the backup connection acts
as a standby tunnel. You will configure routes such that the standby tunnel
handles traffic only in the event that the primary tunnel fails.
The primary GRE tunnel is shown in the illustration as the blue tunnel. Its
gateways are the TMS zl Module at Site A on VLAN 20 and the TMS zl Module at
Site B on VLAN 55. These VLANs connect to the primary WAN connection at
each site. The secondary GRE tunnel is shown as the purple tunnel. Its
gateways are the TMS zl Module at Site A on VLAN 21 and the TMS zl Module
at Site B on VLAN 56. As you can see, these VLANs connect to the backup
connection at each site. In this example, both tunnels on each module use
ZONE5. You could place a module’s two tunnels in different zones, but placing
them in the same zone allows you to create a single set of access policies for
both tunnels.
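The redundancy design above, modelled as an added example (not from the guide, and not TMS zl configuration syntax): it picks the live tunnel by route metric, then applies zone-based access policies, showing why keeping both tunnels in ZONE5 lets one policy set keep working after failover. The tunnel names, metrics, the INTERNAL and ZONE6 zones, the http service and the default-deny behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample values: tunnel names, metrics, the INTERNAL/ZONE6 zones
# and the "http" service are assumptions; only ZONE5 and the primary/standby
# roles come from the text.
@dataclass
class Tunnel:
    name: str
    zone: str
    metric: int       # lower metric wins; the standby tunnel gets the higher value
    up: bool = True

@dataclass(frozen=True)
class Policy:
    from_zone: str
    to_zone: str
    service: str

def select_tunnel(tunnels):
    """Return the live tunnel with the lowest route metric, or None."""
    live = [t for t in tunnels if t.up]
    return min(live, key=lambda t: t.metric) if live else None

def forward(tunnels, policies, service, to_zone="INTERNAL"):
    """Pick the tunnel, then apply zone policies (default deny is assumed)."""
    tunnel = select_tunnel(tunnels)
    if tunnel is None:
        return (None, "no-route")
    permitted = Policy(tunnel.zone, to_zone, service) in policies
    return (tunnel.name, "permit" if permitted else "deny")

def failover_outcomes(standby_zone):
    """Forwarding result before and after the primary tunnel fails."""
    tunnels = [Tunnel("primary", "ZONE5", 10), Tunnel("standby", standby_zone, 20)]
    policies = {Policy("ZONE5", "INTERNAL", "http")}   # a single policy set
    before = forward(tunnels, policies, "http")
    tunnels[0].up = False                              # primary connection fails
    after = forward(tunnels, policies, "http")
    return before, after

if __name__ == "__main__":
    print(failover_outcomes("ZONE5"))   # both tunnels share one zone
    print(failover_outcomes("ZONE6"))   # standby tunnel in a separate zone
```

With the standby tunnel in its own zone, routing fails over correctly but the traffic is denied until the access policies are duplicated for that zone.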