Solution:
Pre-configure interfaces on the routers for connection with WAN, enable GRE packets reception from a
security zone where WAN connected interfaces operate.
Create GRE 10 tunnel:
esr(config)# tunnel gre 10
Specify local and remote gateways (IP addresses of WAN border interfaces):
esr(config-gre)# local address 115.0.0.1
esr(config-gre)# remote address 114.0.0.10
Specify tunnel IP address 25.0.0.1/24:
esr(config-gre)# ip address 25.0.0.1/24
Also, the tunnel should belong to the security zone in order to create rules that allow traffic to pass through the
firewall. To define the tunnel inherence to a zone, use the following command:
esr(config-gre)# security-zone untrusted
Enable tunnel:
esr(config-gre)# enable
esr(config-gre)# exit
Create route to the partner's local area network on the router. Specify previously created GRE tunnel as a
destination interface.
esr(config)# ip route 172.16.0.0/16 tunnel gre 10
When settings are applied, traffic will be encapsulated into the tunnel and sent to the partner regardless of
their GRE tunnel existence and settings validity.
To Next Page
Loading...
