Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 70
58
Figure 55 Network diagram
Device Interface IP
Address
Device
Interface
IP Address
SecPath A
GE0/1
11.1.1.1/24
SecPath B
GE0/1
11.1.1.2/24
GE0/2
172.17.17.1/24
GE0/2
192.168.1.2/24
Tunnel0
192.168.22.1/24
Tunnel0
192.168.22.2/24
SecPath C
GE0/1
11.1.1.3/24
SecPath C
Tunnel0
192.168.22.3/24
GE0/2
192.168.1.3/24
Configuration procedure
Configure IP addresses and masks for interfaces as per
. (Details not shown.)
1.
Configure SecPath A:
# Create tunnel interface Tunnel0 and configure an IP address for it.
[SecPathA] interface tunnel 0
[SecPathA-Tunnel0] ip address 192.168.22.1 255.255.255.0
# Configure the tunnel encapsulation mode of interface Tunnel0 as P2MP GRE.
[SecPathA-Tunnel0] tunnel-protocol gre p2mp
# Configure the mask of the branch network connected to Tunnel0 as 255.255.255.0.
[SecPathA-Tunnel0] gre p2mp branch-network-mask 255.255.255.0
# Set the tunnel entry aging time to 20 seconds.
[SecPathA-Tunnel0] gre p2mp aging-time 20
# Configure the source IP address of interface Tunnel0.
[SecPathA-Tunnel0] source 11.1.1.1
[SecPathA-Tunnel0] quit
# Configure a static route to the branch network with the outgoing interface being Tunnel 0.
[SecPathA] ip route-static 192.168.1.0 255.255.255.0 tunnel 0
2.
Configure SecPath B:
# Create tunnel interface Tunnel0 and configure an IP address for it.
[SecPathB] interface tunnel 0
[SecPathB-Tunnel0] ip address 192.168.22.2 255.255.255.0
# Configure the tunnel encapsulation mode of interface Tunnel0 as GRE over IPv4.
[SecPathB-Tunnel0] tunnel-protocol gre
# Configure the source and destination IP addresses of interface Tunnel0.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS