Ruijie Community

Title: How to configure an IPv4 over IPv4 GRE Tunnel on firewall? [Print this page]

---

Author: zhangqiao@ruiji    Time: 2024-11-28 10:44
Title: How to configure an IPv4 over IPv4 GRE Tunnel on firewall?
Service Demands

As shown in Figure, both Firewall 1 and Firewall 2 have fixed public IP addresses. A GRE VPN tunnel needs to be established between the LANs where Firewall 1 and Firewall 2 reside to enable IPv4 network communication.

• Configure tunnel key values for both ends to authenticate the remote end of the GRE tunnel.
  
• Enable the check sum function to prevent data tampering.
  
• Enable the keep alive mechanism to detect whether the remote end is available. If the remote end is unavailable, the corresponding GRE interface is switched to Down to prevent data black holes.
  
  

Restrictions and Guidelines

Currently, GRE supports IPv4 tunnel encapsulation but not IPv6 tunnel encapsulation.

Prerequisites

You have completed basic network configurations for Firewall 1 and Firewall 2, including interface IP addresses and default routes.Pay attention to the following point during configuration:

Ensure that Firewall 1 and Firewall 2 can communicate witch each other through tunnel encapsulation IP addresses.

Procedure

Configuring Firewall 1

(1) Configure a GRE interface.

(a) Choose Network > Interface > Tunnel Interface > GRE Interface.

(b) Click Create. On the page that is displayed,configure the following parameters for the GRE interface.

(c) After completing the configuration, click Save.

(2) Configure a service data route.

(a) Choose Network > Routing > Static Routing> IPv4.

(b) Click Create. On the page that is displayed, add a static route.

(c) After completing the configuration, click Save.

(3) Configure an IPv4 address pool object.

(a) Choose Object > Address > IPv4 address.The address object configuration page is displayed.

(b) Click Create. On the page that is displayed,add a local address object.

(c) After completing the configuration, click Save.

(d) Click Create. On the page that is displayed, add a remote address object.

(e) After completing the configuration, click Save.  

(4) Configure security polices.

(a) Choose Policy> Security Policy > Security Policy. The security policy configuration page is displayed.

(b) Click Create.On the page that is displayed, add a security policy for traffic from the local end to the remote end.

(c) After completing the configuration, click Save.

(d) Click Create. On the page that is displayed, add a security policy for traffic from the remote end to the local end.

(e) After completing the configuration, click Save.

• Configuring Firewall 2
  
  

(1) Configure a GRE interface.

(a) Choose Network > Interface > Tunnel Interface > GRE Interface.

(b) Click Create. On the page that is displayed, configure the following parameters for the GRE interface.  

(c) After completing the configuration, click Save.

(2) Configure a service data route.

(a) Choose Network > Routing > Static Routing> IPv4.

(b) Click Create. On the page that is displayed,add a static route.

(c) After completing the configuration, click Save.

(3) Configure an IPv4 address pool object.

(a) Choose Object > Address > IPv4 Address.The address object configuration page is displayed.

(b) Click Create. On the page that is displayed, add a local address object.

(c) After completing the configuration, click Save.

(d) Click Create. On the page that is displayed,add a remote address object.

(e) After completing the configuration, click Save.

(4) Configure security policies.

(a) Choose Policy> Security Policy > Security Policy. The security policy configuration page is displayed.

(b) Click Create. On the page that is displayed, add a security policy for traffic from the local end to the remote end.

(c) After completing the configuration, click Save.

(d) Click Create. On the page that is displayed, add a security policy for traffic from the remote end to the local end.

(e) After completing the configuration, click Save.

Verification

• Checking Interface Status
  

On the web UI of Firewall 1, choose Network > Interface > Tunnel Interface > GRE Interface and check the interface status.

On the web UI of Firewall 2, choose Network >Interface > Tunnel Interface > GRE Interface and check the interfacestatus.

If the keep alive function is enabled and no keep alive packet is received from the remote device within the detection interval, the interface is switched to the Down state.

Pinging the Remote Network Address

Checking Interface Traffic Statistics

Choose Monitor> Traffic Monitoring > Interface Traffic > Interface Traffic Details and check detailed interface traffic statistics.

---

Welcome to Ruijie Community (https://community.ruijienetworks.com/)

Powered by Discuz! X3.2