Configuring secpath a, Figure 30 – H3C Technologies H3C SecPath F1000-E User Manual
Page 46
34
Figure 30 Network diagram
Device Interface IP
address
Device
Interface
IP address
SecPath A
GE0/1
11.1.1.1/24
SecPath B
GE0/1
11.1.1.2/24
GE0/2
10.1.1.1/24
GE0/2
10.1.1.2/24
GE0/3
192.168.11.1/24
GE0/3
192.168.11.2/24
Tunnel0
172.168.1.1/24
Tunnel0
172.168.2.2/24
Tunnel1
192.168.22.1/24
Tunnel1
192.168.22.2/24
SecPath C
GE0/1
11.1.1.3/24
SecPath C
Tunnel0
172.168.1.3/24
GE0/2
192.168.12.1/24
Tunnel1
172.168.2.3/24
Configuring SecPath A
1.
Configure an IPv4 address for each interface and assign the interfaces to security zones. (Details
not shown.)
2.
Create GRE over IPv4 tunnel interface, with the tunnel interface number being 1:
a.
Select VPN > GRE > GRE from the navigation tree.
b.
Click Add to perform the configurations shown in
c.
Enter 1 in the Tunnel Interface field.
d.
Enter IP address/mask 192.168.22.1/24.
e.
Select Management from the Zone list. (Select a security zone according to your network
configuration.)
f.
Enter the tunnel source IP address 10.1.1.1.
g.
Enter the tunnel destination IP address 10.1.1.2.
h.
Click Apply.
GE0/2
GE0/1
GE0/1
SecPath A
SecPath B
(Backup gateway)
IPv4 network
SecPath C
GE0/2
GE0/1
GE0/2
Tunnel0
Tunnel0
Tunnel0
Tunnel1
Tunnel1
Tunnel1
Host A
Host B
Host C
GRE P2MP tunnel
GRE over IPv4 tunnel
Headquarters
Branch
GE0/3
GE0/3
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS