
Example 5: GRE over IPsec, Site-to-Site, with Manual Keying

Create Firewall Access Policies for the Tunnel Traffic

Now you can create firewall access policies to permit the GRE tunnel traffic.

TMS zl Module A

  1. Select Firewall > Access Policies > Unicast.

  2. Click Add a Policy.

  3. Permit GRE packets from Site B:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select EXTERNAL.
     3. For To, select SELF.
     4. For Service, select gre.
     5. For Source, select siteBinter.
     6. For Destination, select siteAinter.
     7. Select the Enable logging on this Policy check box.

        Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.

     8. Click Apply.

  4. Permit GRE packets to Site B:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select SELF.
     3. For To, select EXTERNAL.
     4. For Service, select gre.
     5. For Source, select siteAinter.
     6. For Destination, select siteBinter.
     7. Click Apply.

  5. Permit HTTP traffic to the GRE tunnel:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select ZONE6.
     3. For To, select ZONE4.
     4. For Service, select http.
     5. For Source, select VLAN70.
     6. For Destination, select VLAN40.
     7. Click Apply.

  6. Permit HTTP traffic from the GRE tunnel:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select ZONE4.
     3. For To, select ZONE6.
     4. For Service, select http.
     5. For Source, select VLAN40.
     6. For Destination, select VLAN70.
     7. Click Apply.
     8. Click Close.

TMS zl Module B

  1. Select Firewall > Access Policies > Multicast.

  2. Click Add a Policy.

  3. Permit GRE packets from Site A:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select EXTERNAL.
     3. For To, select SELF.
     4. For Service, select gre.
     5. For Source, select siteAinter.
     6. For Destination, select siteBinter.
     7. Select the Enable logging on this Policy check box.

        Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.

     8. Click Apply.

  4. Permit GRE packets to Site A:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select SELF.
     3. For To, select EXTERNAL.
     4. For Service, select gre.
     5. For Source, select siteBinter.
     6. For Destination, select siteAinter.
     7. Click Apply.

  5. Permit HTTP traffic to the GRE tunnel:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select ZONE2.
     3. For To, select ZONE3.
     4. For Service, select http.
     5. For Source, select VLAN40.
     6. For Destination, select VLAN70.
     7. Click Apply.

  6. Permit HTTP traffic from the GRE tunnel:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select ZONE3.
     3. For To, select ZONE2.
     4. For Service, select http.
     5. For Source, select VLAN70.
     6. For Destination, select VLAN40.
     7. Click Apply.
     8. Click Close.
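
The two modules only pass tunnel traffic when every permit on one side has a matching permit on the other. The following audit sketch is an added example, not part of the product documentation: it transcribes the eight policies from the steps above into data, reports any permit without a counterpart on the peer module, and lists policies that still have logging enabled. The `Policy` field names and the module labels "A" and "B" are modeling assumptions; the zone, service and address-object values are the ones used in the steps.

```python
from collections import namedtuple

# Assumed model of one access policy; values below are transcribed from the steps.
Policy = namedtuple("Policy", "module src_zone dst_zone service source dest logging")

POLICIES = [
    Policy("A", "EXTERNAL", "SELF", "gre", "siteBinter", "siteAinter", True),
    Policy("A", "SELF", "EXTERNAL", "gre", "siteAinter", "siteBinter", False),
    Policy("A", "ZONE6", "ZONE4", "http", "VLAN70", "VLAN40", False),
    Policy("A", "ZONE4", "ZONE6", "http", "VLAN40", "VLAN70", False),
    Policy("B", "EXTERNAL", "SELF", "gre", "siteAinter", "siteBinter", True),
    Policy("B", "SELF", "EXTERNAL", "gre", "siteBinter", "siteAinter", False),
    Policy("B", "ZONE2", "ZONE3", "http", "VLAN40", "VLAN70", False),
    Policy("B", "ZONE3", "ZONE2", "http", "VLAN70", "VLAN40", False),
]

PEER = {"A": "B", "B": "A"}
EDGE_ZONES = {"SELF", "EXTERNAL"}  # zone names shared by both modules


def has_counterpart(policies, p):
    """True if the peer module permits the same service/source/destination.

    For SELF/EXTERNAL policies the peer must also use the reversed zone pair
    (what leaves SELF on one module arrives from EXTERNAL on the other).
    Numbered zones differ per module, so only address objects are compared.
    """
    for q in policies:
        if (q.module, q.service, q.source, q.dest) != (PEER[p.module], p.service, p.source, p.dest):
            continue
        if {p.src_zone, p.dst_zone} == EDGE_ZONES:
            if (q.src_zone, q.dst_zone) != (p.dst_zone, p.src_zone):
                continue
        return True
    return False


def unmatched(policies):
    """Permits that the peer module does not mirror (one-way tunnel symptom)."""
    return [p for p in policies if not has_counterpart(policies, p)]


def logging_enabled(policies):
    """Policies still logging; the procedure advises this for testing only."""
    return [(p.module, p.src_zone, p.dst_zone, p.service) for p in policies if p.logging]


if __name__ == "__main__":
    for p in unmatched(POLICIES):
        print("no matching permit on peer module:", p)
    for entry in logging_enabled(POLICIES):
        print("logging still enabled:", entry)
```

Run against the policies as written, the check reports no unmatched permits and flags the two inbound GRE policies as the ones to revisit once testing is complete.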
