Fading Coder


Configuring a GRE Site-to-Site VPN with NAT and OSPF in Huawei eNSP

  • Enterprise A (AR1) and Enterprise B (AR4) access the public core through NAT
  • The core routers (AR2, AR3) exchange routes using OSPF
  • A GRE tunnel connects the private LANs behind AR1 and AR4

Addressing overview

  • AR1
    • LAN: 10.0.1.0/24 (G0/0/0)
    • WAN: 100.64.1.0/30 (G0/0/1) — peer AR2
  • AR2
    • To AR1: 100.64.1.0/30 (G0/0/0)
    • To AR3: 172.16.23.0/30 (G0/0/1)
  • AR3
    • To AR2: 172.16.23.0/30 (G0/0/0)
    • To AR4: 100.64.2.0/30 (G0/0/1)
  • AR4
    • WAN: 100.64.2.0/30 (G0/0/0) — peer AR3
    • LAN: 10.0.2.0/24 (G0/0/1)
  • GRE tunnel: 172.31.0.0/30 between AR1 and AR4

Interface IP configuration

AR1

<Huawei> system-view
[Huawei] sysname AR1
[AR1] interface GigabitEthernet0/0/0
[AR1-GigabitEthernet0/0/0] ip address 10.0.1.1 255.255.255.0
[AR1-GigabitEthernet0/0/0] quit
[AR1] interface GigabitEthernet0/0/1
[AR1-GigabitEthernet0/0/1] ip address 100.64.1.1 255.255.255.252
[AR1-GigabitEthernet0/0/1] quit

AR2

<Huawei> system-view
[Huawei] sysname AR2
[AR2] interface GigabitEthernet0/0/0
[AR2-GigabitEthernet0/0/0] ip address 100.64.1.2 255.255.255.252
[AR2-GigabitEthernet0/0/0] quit
[AR2] interface GigabitEthernet0/0/1
[AR2-GigabitEthernet0/0/1] ip address 172.16.23.1 255.255.255.252
[AR2-GigabitEthernet0/0/1] quit

AR3

<Huawei> system-view
[Huawei] sysname AR3
[AR3] interface GigabitEthernet0/0/0
[AR3-GigabitEthernet0/0/0] ip address 172.16.23.2 255.255.255.252
[AR3-GigabitEthernet0/0/0] quit
[AR3] interface GigabitEthernet0/0/1
[AR3-GigabitEthernet0/0/1] ip address 100.64.2.1 255.255.255.252
[AR3-GigabitEthernet0/0/1] quit

AR4

<Huawei> system-view
[Huawei] sysname AR4
[AR4] interface GigabitEthernet0/0/0
[AR4-GigabitEthernet0/0/0] ip address 100.64.2.2 255.255.255.252
[AR4-GigabitEthernet0/0/0] quit
[AR4] interface GigabitEthernet0/0/1
[AR4-GigabitEthernet0/0/1] ip address 10.0.2.1 255.255.255.0
[AR4-GigabitEthernet0/0/1] quit

Core routing

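Run OSPF only on the core routers AR2 and AR3, advertising both of their connected /30 links in area 0 so that each core router learns the WAN subnet behind the other. AR1 and AR4 do not run OSPF; each keeps a static default route toward its core neighbor.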

AR2

[AR2] ospf 1
[AR2-ospf-1] area 0
[AR2-ospf-1-area-0.0.0.0] network 100.64.1.0 0.0.0.3
[AR2-ospf-1-area-0.0.0.0] network 172.16.23.0 0.0.0.3
[AR2-ospf-1-area-0.0.0.0] quit

AR3

[AR3] ospf 1
[AR3-ospf-1] area 0
[AR3-ospf-1-area-0.0.0.0] network 172.16.23.0 0.0.0.3
[AR3-ospf-1-area-0.0.0.0] network 100.64.2.0 0.0.0.3
[AR3-ospf-1-area-0.0.0.0] quit

Edge defaults

[AR1] ip route-static 0.0.0.0 0.0.0.0 100.64.1.2
[AR4] ip route-static 0.0.0.0 0.0.0.0 100.64.2.1

NAT configuration (edge routers)

AR1

[AR1] acl number 2001
[AR1-acl-basic-2001] rule 5 permit source 10.0.1.0 0.0.0.255
[AR1-acl-basic-2001] quit
[AR1] interface GigabitEthernet0/0/1
[AR1-GigabitEthernet0/0/1] nat outbound 2001
[AR1-GigabitEthernet0/0/1] quit

AR4

[AR4] acl number 2002
[AR4-acl-basic-2002] rule 5 permit source 10.0.2.0 0.0.0.255
[AR4-acl-basic-2002] quit
[AR4] interface GigabitEthernet0/0/0
[AR4-GigabitEthernet0/0/0] nat outbound 2002
[AR4-GigabitEthernet0/0/0] quit

GRE tunnel configuration

AR1

[AR1] interface Tunnel0/0/0
[AR1-Tunnel0/0/0] tunnel-protocol gre
[AR1-Tunnel0/0/0] ip address 172.31.0.1 255.255.255.252
[AR1-Tunnel0/0/0] source 100.64.1.1
[AR1-Tunnel0/0/0] destination 100.64.2.2
[AR1-Tunnel0/0/0] quit
[AR1] ip route-static 10.0.2.0 255.255.255.0 Tunnel 0/0/0

AR4

[AR4] interface Tunnel0/0/0
[AR4-Tunnel0/0/0] tunnel-protocol gre
[AR4-Tunnel0/0/0] ip address 172.31.0.2 255.255.255.252
[AR4-Tunnel0/0/0] source 100.64.2.2
[AR4-Tunnel0/0/0] destination 100.64.1.1
[AR4-Tunnel0/0/0] quit
[AR4] ip route-static 10.0.1.0 255.255.255.0 Tunnel 0/0/0
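
An added example, not part of the original article: it builds one packet the way AR1 would encapsulate it with the tunnel source and destination above, then parses it as a capture on AR2 or AR3 would, showing that plain GRE leaves the inner LAN addresses and payload readable in the core. The host addresses 10.0.1.10 and 10.0.2.10, the UDP ports and the payload are constructed, and the function names are illustrative.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 payload

def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Wrap payload in a minimal 20-byte IPv4 header (no options, TTL 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Basic GRE header (RFC 2784) with no checksum, key or sequence number."""
    return ipv4(tunnel_src, tunnel_dst, GRE_PROTO, struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner)

def parse_ipv4(pkt: bytes):
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 packet")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[ihl:]

def observe_on_core(pkt: bytes) -> dict:
    """Everything a capture on AR2/AR3 can read from one tunnelled packet."""
    o_src, o_dst, proto, gre = parse_ipv4(pkt)
    if proto != GRE_PROTO or len(gre) < 4:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", gre[:4])
    # Optional 4-byte fields: checksum (C bit), key (K bit), sequence number (S bit)
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4")
    i_src, i_dst, i_proto, data = parse_ipv4(gre[offset:])
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "inner_proto": i_proto, "data": data}

# Constructed sample: host 10.0.1.10 behind AR1 sends a UDP datagram to 10.0.2.10 behind AR4
udp = struct.pack("!HHHH", 40000, 514, 8 + 9, 0) + b"cleartext"
inner = ipv4("10.0.1.10", "10.0.2.10", 17, udp)
on_wire = gre_encapsulate(inner, "100.64.1.1", "100.64.2.2")
print(observe_on_core(on_wire))
```

The outer header carries only the tunnel endpoints, which is why the `nat outbound` ACLs matching 10.0.1.0/24 and 10.0.2.0/24 never apply to tunnelled traffic; confidentiality and integrity across the core would need a separate protection layer such as IPsec, which this lab does not configure.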

Basic verification

  • Core routing
[AR2] display ospf peer brief
[AR3] display ospf lsdb brief
  • Tunnel status and reachability
[AR1] display interface Tunnel0/0/0
[AR1] ping 10.0.2.1
[AR4] ping 10.0.1.1
  • Path visibility through the tunnel
[AR1] tracert 10.0.2.1
[AR4] tracert 10.0.1.1