Citrix SD-WAN

Configure GRE Tunnels for a Branch Site

The Virtual WAN LAN GRE Tunnels settings enable you to configure Virtual WAN Appliances to terminate GRE tunnels on the LAN. If you do not want to configure this branch site as a LAN GRE Tunnel termination node, you can skip this step, and proceed to the section, Configuring WAN Links for the Branch Site.

To configure a LAN GRE Tunnel for the branch site:

  1. Continuing in the connections view for the new branch site, click GRE Tunnels. The GRE Tunnels view for the new site opens.

  2. Click + to the right of the GRE Tunnels. This adds a new blank GRE Tunnel entry to the table and opens it for editing. GRE tunnel branch

  3. Configure the GRE Tunnel settings. Enter the following:

  • Name – Enter a name for the new GRE tunnel, or accept the default. The default uses the following naming format:

  • Appliance-Tunnel-<number> - Where <number> is the number of GRE Tunnels configured for this site, incremented by one.

  • Firewall Zone - Select a firewall zone for the GRE tunnel.

  • Source IP – Select a Source IP Address for the tunnel from the drop-down menu for this field. The menu options are the list of Virtual IP Addresses that you configured for this site. Configure at least one Virtual Interface and one Virtual IP Address before you can configure a LAN GRE Tunnel. For instructions, see the sections, Configuring the Virtual Interface Groups for the Branch Site and Configuring the Virtual IP Addresses for the Branch Site.

  • Public Source IP - Enter the IP address to be used as the source address for packets in the GRE tunnel. The source IP address is the starting point of the GRE tunnel.

  • Destination IP – Enter the IP address to be used as the host destination. The destination IP address is the ending point of the GRE tunnel.

  • Tunnel IP / Prefix – Enter the IP Address and prefix used for the GRE tunnel interface.

  • Checksum – Select this to enable Checksum for the tunnel GRE header.

  • Keepalive Periods – Enter the wait time interval (in seconds) between keepalive messages. If configured to 0, no keepalive packets are sent, but the tunnel remains up. The default is 10.

  • Keepalive Retries – Enter the number of keepalive retries the Virtual WAN Appliance should attempt before it brings down the tunnel. The default is 3.

  1. Click Apply. This submits your settings and adds the new GRE Tunnel entry to the table.

    GRE tunnel branch settings

  2. To configure more GRE Tunnels, click + to the right of the GRE Tunnels label, and proceed as per the preceding steps.

The next step is to configure the WAN links for the branch site.

Configure GRE Tunnels for a Branch Site