Table of Contents
Advertisement
2
b. Configuring from IP Unit 2 to IP Unit 1:
c. Configuring from IP Unit 3 to IP Unit 4:
d. Configuring from IP Unit 4 to IP Unit 3:
2. OSPF provides redundancy in case a tunnel becomes available. OSPF detects when the
firewall at the other end of an HA GRE tunnel is no longer reachable and then obtains a new
route by using the backup HA GRE tunnel and forwards the packets to the backup firewall.
Perform the steps as presented in the
Example"
IP Unit 1:
IP Unit 2:
IP Unit 3:
IP Unit 4:
Use iclid to show all OSPF neighbors. Each firewall should show two neighbors and also
show that the best route to the destination network is through the corresponding HA GRE
tunnel.
3. VRRP provides redundancy in case one of the firewalls is lost. Perform the steps as
presented in
VRRP:
IP Unit 1: Enable VRRP on
IP Unit 2: Enable VRRP on
IP Unit 3: Enable VRRP on
IP Unit 4: Enable VRRP on
4. HA GRE tunnels work by encapsulating the original packet and resending the packet
through the firewall. The first time the firewall sees the packet, it has the original IP header;
the second time, the packet has the end points of the tunnels as the src and dst IP
addresses.
The firewall needs to be configured to accept all packets with the original IP header so the
encapsulation can take place. An encryption rule is then defined to encrypt those packets
that match the tunnel endpoints.
124
Enter
in the Local endpoint text box.
170.0.0.1
Enter
in the Remote endpoint text box.
171.0.0.1
Enter
in the Local address text box.
10.0.0.2
Enter
in the Remote address text box.
10.0.0.1
Enter
in the Local endpoint text box.
171.0.0.1
Enter
in the Remote endpoint text box.
170.0.0.1
Enter
in the Local address text box.
11.0.0.1
Enter
in the Remote address text box.
11.0.0.2
Enter
in the Local endpoint text box.
170.0.1.1
Enter
in the Remote endpoint text box
171.0.1.1
Enter
in the Local address text box.
11.0.0.2
Enter
in the Remote address text box.
11.0.0.1
Enter
in the Local endpoint text box.
171.0.1.1
Enter
in the Remote endpoint text box.
170.0.1.1
sections. For this example, enable OSPF by using the following interface values:
and
10.0.0.1
192.168.0.1
and
10.0.0.2
192.168.1.1
and
11.0.0.1
192.168.0.2
and
11.0.0.2
192.168.1.2
"Configuring VRRP"
"Configuring OSPF"
on page 186. Use the following values to configure
with
192.168.0.1
192.168.0.2
with
192.168.1.1
192.168.1.2
with
192.168.0.2
192.168.0.1
with
192.168.1.2
192.168.1.1
Nokia Network Voyager for IPSO 4.0 Reference Guide
and
"Configuring OSPF
as a backup
as a backup
as a backup
as a backup
Advertisement
Table of Contents
Troubleshooting
