Enter interface tunnel, followed by a number identifying the tunnel, to create the new Tunnel interface.
If you are changing the parameters of an existing tunnel, enter interface tunnel, followed by a number identifying the tunnel, to enter the Tunnel context.
In the Tunnel interface context, enter tunnel source, followed by the public IP address of the local tunnel endpoint, to set the source address of the tunnel.
In the Tunnel interface context, enter tunnel destination, followed by the IP address of the remote tunnel endpoint, to set the destination address of the tunnel.
The Branch Gateway does not check whether the configured tunnel source IP address is an existing IP address registered with the Branch Gateway router.
In most cases, it is recommended to configure keepalive in the tunnel so that the tunnel’s source interface can determine and inform the host if the tunnel is down.
To configure keepalive for a Tunnel interface, enter keepalive in the Tunnel interface context, followed by the length (in seconds) of the interval at which the source interface sends keepalive packets, and the number of retries necessary in order to declare the tunnel down.
The following example configures the tunnel to send a keepalive packet every 20 seconds, and to declare the tunnel down if the source interface sends three consecutive keepalive packets without a response.
In most cases, it is recommended to configure dynamic MTU discovery in the tunnel.
This prevents fragmentation of packets larger than the tunnel’s MTU. When dynamic MTU discovery is not enabled, the tunnel fragments packets larger than the tunnel’s MTU, even when the packet is marked do not fragment. For more information on dynamic MTU discovery, see Dynamic MTU discovery.
The following example configures dynamic MTU discovery, with an age timer of 15 minutes.
