Table of Contents
Advertisement
Virtual Private Networks (VPN)
Example: GRE tunnel over an IPSec tunnel
The IX20 device can be configured as an advertised set of routes through an IPSec tunnel. This allows
you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
The example configuration provides instructions for configuring the IX20 device with a GRE tunnel
through IPsec.
IX20-1 configuration tasks
1. Create an IPsec tunnel named ipsec_gre1 with:
A pre-shared key.
n
Remote endpoint set to the public IP address of the IX20-2 device.
n
A policy with:
n
l
l
2. Create an IPsec endpoint interface named ipsec_endpoint1:
a. Zone set to Internal.
b. Device set to Ethernet: Loopback.
c. IPv4 Address set to the IP address of the local GRE tunnel, 172.30.0.1/32.
3. Create a GRE tunnel named gre_tunnel1:
a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint1.
b. Remote endpoint set to the IP address of the GRE tunnel on IX20-2, 172.30.0.2.
4. Create an interface named gre_interface1 and add it to the GRE tunnel:
a. Zone set to Internal.
b. Device set to IP tunnel: gre_tunnel1.
c. IPv4 Address set to a virtual IP address on the GRE tunnel, 172.31.0.1/30.
IX20-2 configuration tasks
1. Create an IPsec tunnel named ipsec_gre2 with:
The same pre-shared key as the ipsec_gre1 tunnel on IX20-1.
n
Remote endpoint set to the public IP address of IX20-1.
n
A policy with:
n
l
l
IX20 User Guide
Local network set to the IP address and subnet of the local GRE tunnel,
172.30.0.1/32.
Remote network set to the IP address and subnet of the remote GRE tunnel,
172.30.0.2/32.
Local network set to the IP address and subnet of the local GRE tunnel,
172.30.0.2/32.
Remote network set to the IP address of the remote GRE tunnel, 172.30.0.1/32.
Generic Routing Encapsulation (GRE)
374
Advertisement
Table of Contents
