TMS zl Management and Configuration Guide ST.1.2.100916

Virtual Private Networks
GRE Examples
13. Permit multicast OSPF messages that arrive from the remote tunnel
endpoint:
a. For Action, accept the default, Permit Traffic.
b. For From, select Zone4.
c. For To, select SELF.
d. For Service, specify (89) OSPFIGP.
e. For Source, specify the module IP address on the tunnel interface:
10.8.8.1.
f. For Destination, leave the default, Any Address.
g. Click Apply.
14. Click Close.
15. Click Save.
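
The policy built in step 13, modelled as an added example (not code from this guide or from the TMS zl software) to check which traffic it admits. First-match evaluation, a default of deny for unmatched traffic, the 224.0.0.5 destination, the addresses 10.8.8.77 and 10.8.8.2, and the zone name Zone1 are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

OSPF_PROTO = 89  # IP protocol number for OSPFIGP, the service chosen in step 13d

@dataclass(frozen=True)
class Policy:
    action: str
    from_zone: str
    to_zone: str
    ip_proto: int
    source: str       # CIDR or "any"
    destination: str  # CIDR or "any"

@dataclass(frozen=True)
class Packet:
    from_zone: str
    to_zone: str
    ip_proto: int
    src: str
    dst: str

def _addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(policies, pkt, default="deny"):
    """Assumed model: first matching policy wins, unmatched traffic gets `default`."""
    for p in policies:
        if (p.from_zone == pkt.from_zone and p.to_zone == pkt.to_zone
                and p.ip_proto == pkt.ip_proto
                and _addr_match(p.source, pkt.src)
                and _addr_match(p.destination, pkt.dst)):
            return p.action
    return default

# Step 13 values: Permit Traffic, Zone4 -> SELF, (89) OSPFIGP, source 10.8.8.1, Any Address
STEP_13 = Policy("permit", "Zone4", "SELF", OSPF_PROTO, "10.8.8.1/32", "any")

# Constructed sample packets (not captured traffic)
SAMPLES = {
    "ospf_hello_from_10.8.8.1": Packet("Zone4", "SELF", 89, "10.8.8.1", "224.0.0.5"),
    "ospf_other_source": Packet("Zone4", "SELF", 89, "10.8.8.77", "224.0.0.5"),
    "tcp_from_10.8.8.1": Packet("Zone4", "SELF", 6, "10.8.8.1", "10.8.8.2"),
    "ospf_other_zone": Packet("Zone1", "SELF", 89, "10.8.8.1", "224.0.0.5"),
}

def audit(policies=(STEP_13,)):
    """Return the verdict for each constructed sample packet."""
    return {name: evaluate(policies, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:26s} {verdict}")
```

Under these assumptions, only IP protocol 89 traffic from 10.8.8.1 arriving in Zone4 reaches the module itself; anything else addressed to SELF needs its own policy.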

Redundant GRE Tunnels

This section provides step-by-step instructions for configuring redundant
GRE tunnels between two Threat Management Services (TMS) zl Modules.

In this example, HP University is creating a GRE tunnel between two remote
buildings connected within a WAN. To secure the sensitive data, the GRE
tunnel will run within IPsec. In addition, administrators want to ensure the
availability of the tunnel, so you will configure two GRE tunnels. Each tunnel
uses a different connection between the local and the remote site. One of these
connections is a backup connection, which is intended to be used only when
necessary. Therefore, the GRE tunnel that uses the main connection acts as
the primary tunnel; the GRE tunnel on the backup connection acts as a standby
tunnel. You will configure routes such that the standby tunnel handles traffic
only in the event that the primary tunnel fails.

The primary GRE tunnel is shown in the illustration as the blue tunnel. Its
gateways are the TMS zl Module at Site A on VLAN 20 and the TMS zl Module at
Site B on VLAN 55. These VLANs connect to the primary WAN connection at
each site. The secondary GRE tunnel is shown as the purple tunnel. Its
gateways are the TMS zl Module at Site A on VLAN 21 and the TMS zl Module
at Site B on VLAN 56. As you can see, these VLANs connect to the backup
connection at each site. In this example, both tunnels on each module use
ZONE5. You could place a module’s two tunnels in different zones, but placing
them in the same zone allows you to create a single set of access policies for
both tunnels.