Manualshelf

TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
791792793794795796797798799800
7-273
Virtual Private Networks
Configure a GRE over IPsec VPN with Manual Keying
13. Click Save.
If you want, repeat these steps to create a redundant tunnel.
Verify that a Route to the Remote Tunnel Gateway
Exists
To establish the GRE tunnel, the TMS zl Module requires a route to the tunnel’s
destination address (indicated by 3 in the example figure). The route can be
to the specific address or any network that includes that address. The route
can be a static route or a route discovered with a routing protocol. It can even
be a default route, if the default gateway knows how to reach the remote
tunnel gateway. The forwarding interface for the route to the tunnel destina-
tion must never be the tunnel interface (if it is, recursive routing will shut the
tunnel down).
In the example figure, the forwarding interface would be the Gateway VLAN,
and the gateway for the route would be a router in this VLAN.
Caution Dynamic routing can introduce an issue. The remote tunnel gateway might
advertise a route to the tunnel destination address through the tunnel itself.
If this is the best, most specific route to the destination, then the module will
add it to its routing table. This causes causing recursive routing, which shuts
the tunnel down. Therefore, if you plan to use dynamic routing on the tunnel,
it is best practice to add a specific static route to the tunnel destination address
through the proper gateway. (Make sure to give this route an administrative
distance lower than the routing protocol.)