здравствуйте. упражняюсь с 2мя dfl-210 (wanами - воткнуты в 1 свитч), попытался сделать GRE туннель (3.3.5. GRE Tunnels, NetDefendOS_220_Firewall_User_Manual_v1.06.pdf),
и не могу понять чего добился. ничто никуда не пингуется, подскажите что не так..
спасибо.


A) Status-Connections:
State Proto Source Destination Timeout
RAWIP GRE core:172.16.0.1:0 wan:172.16.1.1:0 130
B) Status-Connections:
State Proto Source Destination Timeout
RAWIP GRE core:172.16.1.1:0 wan:172.16.0.1:0 130


===================== A
Address Book
Name Address User Auth Groups Comments
all-nets 0.0.0.0/0 All possible networks
ip_GRE 192.168.0.1
remote_gw 172.16.1.1
remote_net_B 192.168.11.0/24

InterfaceAddresses
Name Address User Auth Groups Comments
dmz_ip 172.17.100.254 IPAddress of interface dmz
dmznet 172.17.100.0/24 The network on interface dmz
lan_ip 192.168.10.1 IPAddress of interface lan
lannet 192.168.10.0/24 The network on interface lan
wan_dns1 0.0.0.0 Primary DNS server for interface wan.
wan_dns2 0.0.0.0 Secondary DNS server for interface wan.
wan_gw 0.0.0.0 Default gateway for interface wan.
wan_ip 172.16.0.1 IPAddress of interface wan
wannet 172.16.0.0/24 The network on interface wan

1. In the address book set up the following IP objects:
• remote_net_B: 192.168.11.0/24
• remote_gw: 172.16.1.1
• ip_GRE: 192.168.0.1

2. Create a GRE Tunnel object called GRE_to_B with the following parameters:
• IP Address: ip_GRE
• Remote Network: remote_net_B
• Remote Endpoint: remote_gw
• Use Session Key: 1
• Additional Encapulation Checksum: Enabled

3. Define a route in the main routing table which routes all traffic to remote_net_B on the
GRE_to_B GRE interface. This is not necessary if the option Add route for remote network
is enabled in the Advanced tab, since this will add the route automatically.

4. Create the following rules in the IP rule set that allow traffic to pass through the tunnel:
Name Action Src Interface Src Network Dest Interface Dest Network Service
To_B Allow lan lannet GRE_to_B r emote_net_B All
From_B Allow GRE_to_B remote_net_B lan lannet All

===================== B
Address Book
Name Address User Auth Groups Comments
all-nets 0.0.0.0/0 All possible networks
ip_GRE 192.168.0.2
remote_gw 172.16.0.1
remote_net_B 192.168.10.0/24

InterfaceAddresses
Name Address User Auth Groups Comments
dmz_ip 172.17.100.254 IPAddress of interface dmz
dmznet 172.17.100.0/24 The network on interface dmz
lan_ip 192.168.11.1 IPAddress of interface lan
lannet 192.168.11.0/24 The network on interface lan
wan_dns1 0.0.0.0 Primary DNS server for interface wan.
wan_dns2 0.0.0.0 Secondary DNS server for interface wan.
wan_gw 0.0.0.0 Default gateway for interface wan.
wan_ip 172.16.1.1 IPAddress of interface wan
wannet 172.16.0.0/24 The network on interface wan

1. In the address book set up the following IP objects:
• remote_net_A: 192.168.10.0/24
• remote_gw: 172.16.0.1
• ip_GRE: 192.168.0.2

2. Create a GRE Tunnel object called GRE_to_A with the following parameters:
• IP Address: ip_GRE
• Remote Network: remote_net_A
• Remote Endpoint: remote_gw
• Use Session Key: 1
• Additional Encapulation Checksum: Enabled

3. Define a route in the main routing table which routes all traffic to remote_net_A on the
GRE_to_A GRE interface. This is not necessary if the option Add route for remote network
is enabled in the Advanced tab, since this will add the route automatically.

4. Create the following rules in the IP rule set that allow traffic to pass through the tunnel:
Name Action Src Interface Src Network Dest Interface Dest Network Service
To_A Allow lan lannet GRE_to_A remote_net_A All
From_A Allow GRE_to_A remote_net_A lan lannet All