After creating GRE tunnels in Forcepoint ONE SSE, you should configure the
tunnels on the Edge devices so that the web traffic flows between the edge device and Cloud SWG data centers. This topic describes the steps to configure GRE secondary tunnel on Cisco
IOS.
Follow the steps below to configure GRE tunnel to the secondary data center:
Steps
-
Create the tunnel interface with an ID.
-
Enter a unique IP address for the interface.
ip address <unused_internal_address_2> 255.255.255.252
Replace the <unused_internal_address_2> with any unused internal IP address representing the internal IP address for the secondary local tunnel
interface.
-
Enter the MSS value for the interface.
-
Set the tunnel source interface, which is the interface that the tunnel is attached to.
tunnel source <public_egress_ip>
Replace the <public_egress_ip> with your public egress IP address for the edge device.
-
Set the tunnel destination to the IP address of the secondary Cloud SWG tunnel.
tunnel destination <secondary_destination_address>
Replace the <secondary_destination_address> with the public IP address of the Forcepoint gateway for your secondary tunnel.
-
To verify the secondary tunnel interface is up and running on your router, enter the
show ip interface brief command.
If the configuration is successful, then the Status and Protocol will display up.