TMS zl Management and Configuration Guide ST.1.2.100916
Virtual Private Networks
GRE Examples
This section contains examples of GRE implementations with step-by-step
configuration instructions. The examples provided are:
■ Enabling OSPF on a GRE tunnel
See “Enabling OSPF on a GRE tunnel” on page 7-299.
■ Configuring redundant GRE tunnels
See “Redundant GRE Tunnels” on page 7-330.
Enabling OSPF on a GRE tunnel
This section provides step-by-step instructions for configuring a GRE tunnel
between two Threat Management Services (TMS) zl Modules.
This VPN connects two networks, each behind a TMS zl Module. Each site has
two zones configured.
With this VPN, users in VLAN 40 of site B will be able to connect with VLAN
70 of site A. Although there are other VLANs in Zone2 and Zone6, only traffic
between VLAN 40 and VLAN 70 will be allowed through this tunnel.
The IP address of the VLAN that connects each site to the Internet will serve
as the gateway address for each module (172.23.99.99 and 192.168.33.22).
Each TMS zl Module treats GRE traffic as traffic between the Self zone and
the zone used to connect to the remote module (the External zone), so you
must configure firewall access policies to allow GRE traffic between these
zones. You must also configure firewall access policies that permit the traffic
that is encapsulated by the tunnel. On Module A, this is traffic between Zone6
and the tunnel’s zone (Zone4); on Module B, this is traffic between
Zone2 and the tunnel’s zone (Zone4). Additionally, each TMS zl Module
exchanges OSPF messages between the Self zone and the tunnel’s zone
(Zone4). Default policies permit all OSPF traffic, but in this example, these
policies have been disabled. You will add policies to permit OSPF traffic
specifically between the two modules. (In this case, you would also need to
add policies to permit OSPF traffic to other routers and routing switches.)
Figure 7-256 shows all of the IP addresses and zones that will be used for this
configuration. Figure 7-257 shows all of the OSPF settings that will be used for
this configuration.
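The following added example (not from the guide, and not TMS zl syntax) models the three policy groups described above for Module B and shows why the Zone2/Zone4 policy must be scoped to VLAN 40 and VLAN 70 rather than to the zones alone. The VLAN subnets, tunnel address, sample flows, the implicit-deny matching model and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholder subnets; the guide's real values are in Figure 7-256.
VLAN40 = ip_network("10.0.40.0/24")    # site B, in Zone2
VLAN70 = ip_network("10.0.70.0/24")    # site A, reached through Zone4
ANY = ip_network("0.0.0.0/0")
GRE, OSPF, TCP = 47, 89, 6             # IP protocol numbers

def allowed(policies, src_zone, dst_zone, proto, src, dst):
    """Simplified model (assumption): a flow passes only if a permit policy
    matches its zones, protocol (None = any) and addresses; otherwise deny."""
    return any(
        (p_src, p_dst) == (src_zone, dst_zone)
        and p_proto in (None, proto)
        and ip_address(src) in s_net and ip_address(dst) in d_net
        for p_src, p_dst, p_proto, s_net, d_net in policies)

def both_ways(zone_a, zone_b, proto, net_a=ANY, net_b=ANY):
    """Expand one 'between A and B' requirement into two directional permits."""
    return [(zone_a, zone_b, proto, net_a, net_b),
            (zone_b, zone_a, proto, net_b, net_a)]

def module_b_policies(scoped=True):
    """Permits Module B needs; scoped=False models a zone-wide Zone2/Zone4 rule."""
    users, remote = (VLAN40, VLAN70) if scoped else (ANY, ANY)
    return (both_ways("Self", "External", GRE)       # tunnel packets themselves
            + both_ways("Self", "Zone4", OSPF)       # routing adjacency over the tunnel
            + both_ways("Zone2", "Zone4", None, users, remote))  # encapsulated traffic

def audit(policies):
    """Evaluate constructed sample flows and return which ones are permitted."""
    flows = {
        # Gateway addresses are from the guide; which module owns which is assumed.
        "gre_to_peer": ("Self", "External", GRE, "192.168.33.22", "172.23.99.99"),
        "ospf_hello": ("Self", "Zone4", OSPF, "10.255.0.2", "224.0.0.5"),
        "vlan40_to_vlan70": ("Zone2", "Zone4", TCP, "10.0.40.10", "10.0.70.20"),
        "vlan70_to_vlan40": ("Zone4", "Zone2", TCP, "10.0.70.20", "10.0.40.10"),
        "other_vlan_to_vlan70": ("Zone2", "Zone4", TCP, "10.0.41.10", "10.0.70.20"),
        "vlan40_to_external": ("Zone2", "External", TCP, "10.0.40.10", "198.51.100.7"),
    }
    return {name: allowed(policies, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for label, scoped in (("scoped", True), ("zone-wide", False)):
        print(label, audit(module_b_policies(scoped)))
```

With the zone-wide rule, the flow from another Zone2 VLAN reaches VLAN 70 through the tunnel; with the scoped rule it is denied while the GRE, OSPF and VLAN 40/VLAN 70 flows still pass.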