H3C Technologies H3C SecPath F1000-E User Manual

Page 18

Table 1 Configuration items

Item Description

Tunnel Interface

Specify the number of the tunnel interface.

IP/Mask

Specify the IP address and subnet mask of the tunnel interface.

IMPORTANT:

When configuring a static route on the tunnel interface, note that the destination IP

address of the static route must not be in the subnet of the tunnel interface.

Zone

Specify the security zone to which the tunnel interface belongs.

Tunnel Source
IP/Interface

Specify the source IP address and destination IP address for the tunnel interface.
For the tunnel source address, you can input an IP address or select an interface. In

the latter case, the primary IP address of the interface will be used as the tunnel

source address.

IMPORTANT:

The source address and destination address of a tunnel uniquely identify a path. They
must be configured at both ends of the tunnel and the source address at one end must

be the destination address at the other end and vice versa.

Tunnel Destination IP

GRE Key

Specify the key for the GRE tunnel interface. This configuration is to prevent the
tunnel ends from servicing or receiving packets from other places.

IMPORTANT:

The two ends of a tunnel must have the same key or have no key at the same time.

GRE Packet Checksum

Enable or disable the GRE packet checksum function.

Keepalive

Enable or disable the GRE keepalive function.
With the GRE keepalive function enabled on a tunnel interface, the firewall sends
GRE keepalive packets from the tunnel interface periodically. If no response is

received from the peer within the specified interval, the firewall retransmits the

keepalive packet. If the firewall still receives no response from the peer after
sending the keepalive packet for the maximum number of attempts, the local tunnel

interface goes down and stays down until it receives a keepalive acknowledgement

packet from the peer.

Keepalive Interval

Specify the interval between sending the keepalive packets and the maximum
number of transmission attempts.
The two configuration items are available when you select Enable for the GRE

keepalive function.

Number of Retries

GRE over IPv4 tunnel configuration example in the web

interface

NOTE:

In this configuration example, either Device A or Device B is the SecPath firewall.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS