Citrix SD-WAN

Configure GRE Tunnels for the MCN Site (Optional)

The GRE Tunnel feature allows you to configure Citrix SD-WAN appliances to terminate GRE tunnels on the LAN or Intranet. If you do not want to configure this site as a GRE Tunnel termination node, you can skip this step, and proceed to the section, Configuring the WAN Links for the MCN Site.

To configure a GRE Tunnel, do the following:

  1. Continuing in the connections tab for the new MCN site, click GRE Tunnels. This opens the GRE Tunnels table for the new site.

    GRE tunnel configuration connection MCN

  2. Click + to the right of the GRE Tunnels. This adds a new blank GRE Tunnel entry to the table and opens it for editing.

    Add GRE tunnel MCN

  3. Configure the GRE Tunnel settings.

    Enter the following:

    • Service Type - Choose the service type either Intranet or LAN from the drop-down list.

    • Name:
      • If the service type is Intranet, choose from the list of configured intranet services in the drop-down menu.
      • If the service type is LAN, enter a name for the new GRE tunnel or accept the default.
      • Default uses a naming format Appliance-Tunnel-<number> - Where <number> is the number of GRE Tunnels configured for this site, incremented by one.
    • Intranet Service Type - For an Intranet service type, choose Default or ZScaler from the drop-down list.

    • Firewall Zone - Select the file zone for the GRE tunnel to you.

    • Source IP – Select a source IP Address for the tunnel from the drop-down menu for this field. The menu options are the list of Virtual Interfaces configured for this site. Configure at least one Virtual Interface before you can configure a GRE Tunnel. For instructions, see Configuring the Virtual Interface Groups for the MCN Site and Configuring the Virtual IP Addresses for the MCN Site.

      • Public Source IP: Enter the public source IP Address for the tunnel.

      • Destination IP – Enter the destination IP Address for the tunnel.

      • Tunnel IP / Prefix – Enter the tunnel IP Address and prefix.

      • Checksum – Select the Checksum box to enable Checksum for the tunnel GRE header.

      • Keepalive Period – Enter the wait time interval (in seconds) between keepalive messages. If configured to 0, no keepalive packets are sent, but the tunnel remains up. The default is 10.

      • Keepalive Retries – Enter the number of keepalive retries the Virtual WAN Appliance must attempt before it brings down the tunnel. The default is 3.

  4. Click Apply. This submits your settings and adds the new GRE Tunnel to the table.

    GRE tunnel branch settings

  5. To configure more GRE Tunnels, click + to the right of the GRE Tunnels, and proceed as above.

The next step is to configure the WAN links for the MCN site.

Configure GRE Tunnels for the MCN Site (Optional)