Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE)
IX20 User Guide
Example: GRE tunnel over an IPSec tunnel
The IX20 device can be configured as an advertised set of routes through an IPSec tunnel. This allows
you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
The example configuration provides instructions for configuring the IX20 device with a GRE tunnel
through IPsec.
IX20-1 configuration tasks
1. Create an IPsec tunnel named ipsec_gre1 with:
   • A pre-shared key.
   • Remote endpoint set to the public IP address of the IX20-2 device.
   • A policy with:
      ◦ Local network set to the IP address and subnet of the local GRE tunnel, 172.30.0.1/32.
      ◦ Remote network set to the IP address and subnet of the remote GRE tunnel, 172.30.0.2/32.
2. Create an IPsec endpoint interface named ipsec_endpoint1:
   a. Zone set to Internal.
   b. Device set to Ethernet: Loopback.
   c. IPv4 Address set to the IP address of the local GRE tunnel, 172.30.0.1/32.
3. Create a GRE tunnel named gre_tunnel1:
   a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint1.
   b. Remote endpoint set to the IP address of the GRE tunnel on IX20-2, 172.30.0.2.
4. Create an interface named gre_interface1 and add it to the GRE tunnel:
   a. Zone set to Internal.
   b. Device set to IP tunnel: gre_tunnel1.
   c. IPv4 Address set to a virtual IP address on the GRE tunnel, 172.31.0.1/30.
IX20-2 configuration tasks
1. Create an IPsec tunnel named ipsec_gre2 with:
   • The same pre-shared key as the ipsec_gre1 tunnel on IX20-1.
   • Remote endpoint set to the public IP address of IX20-1.
   • A policy with:
      ◦ Local network set to the IP address and subnet of the local GRE tunnel, 172.30.0.2/32.
      ◦ Remote network set to the IP address of the remote GRE tunnel, 172.30.0.1/32.
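The following consistency check is an added example and is not part of the IX20 documentation. It confirms that the two devices' IPsec policies mirror each other and that each GRE endpoint falls inside the IPsec policy, so GRE traffic is matched by the tunnel. The dictionary keys are hypothetical, and the IX20-2 endpoint interface address, GRE remote endpoint and 172.31.0.2/30 GRE interface address are assumed mirror values not stated above.

```python
import ipaddress as ip

# Constructed settings. IX20-1 values and the IX20-2 policy come from the
# steps above; the remaining IX20-2 values are assumptions (mirror of IX20-1).
IX20_1 = {
    "name": "IX20-1",
    "ipsec_local": "172.30.0.1/32", "ipsec_remote": "172.30.0.2/32",
    "endpoint_ip": "172.30.0.1/32",   # ipsec_endpoint1 on the loopback
    "gre_remote": "172.30.0.2",       # gre_tunnel1 remote endpoint
    "gre_if_ip": "172.31.0.1/30",     # gre_interface1
}
IX20_2 = {
    "name": "IX20-2",
    "ipsec_local": "172.30.0.2/32", "ipsec_remote": "172.30.0.1/32",
    "endpoint_ip": "172.30.0.2/32",   # assumed
    "gre_remote": "172.30.0.1",       # assumed
    "gre_if_ip": "172.31.0.2/30",     # assumed
}

def check_pair(a, b):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    for me, peer in ((a, b), (b, a)):
        local = ip.ip_network(me["ipsec_local"])
        remote = ip.ip_network(me["ipsec_remote"])
        source = ip.ip_interface(me["endpoint_ip"]).ip
        dest = ip.ip_address(me["gre_remote"])
        # The local selector on one side must equal the remote selector on the other.
        if local != ip.ip_network(peer["ipsec_remote"]):
            problems.append(f"{me['name']}: local network not mirrored by peer")
        # GRE source and destination must both be covered by the policy,
        # otherwise GRE packets are not matched by the IPsec tunnel.
        if source not in local:
            problems.append(f"{me['name']}: GRE source outside local network")
        if dest not in remote:
            problems.append(f"{me['name']}: GRE remote outside remote network")
        # The GRE remote endpoint must be the peer's endpoint interface address.
        if dest != ip.ip_interface(peer["endpoint_ip"]).ip:
            problems.append(f"{me['name']}: GRE remote is not peer endpoint")
    # The virtual GRE addresses must be distinct hosts in the same subnet.
    ga, gb = ip.ip_interface(a["gre_if_ip"]), ip.ip_interface(b["gre_if_ip"])
    if ga.network != gb.network or ga.ip == gb.ip:
        problems.append("GRE interface addresses are not distinct hosts in one subnet")
    return problems

if __name__ == "__main__":
    print(check_pair(IX20_1, IX20_2) or "configuration is consistent")
```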