Citrix SD-WAN

Configure GRE Tunnels for a Branch Site

The GRE Tunnel feature allows you to configure Citrix SD-WAN Appliances to terminate GRE tunnels on the LAN or Intranet. If you do not want to configure this branch site as a LAN GRE Tunnel termination node, you can skip this step, and proceed to the section, Configuring WAN Links for the Branch Site.

To configure a LAN GRE Tunnel for the branch site:

  1. Continuing in the connections view for the new branch site, click GRE Tunnels. The GRE Tunnels view for the new site opens.

  2. Click + to the right of the GRE Tunnels. This adds a new blank GRE Tunnel entry to the table and opens it for editing.

    GRE tunnel branch

  3. Configure the GRE Tunnel settings. Enter the following:

    • Service Type - Choose the service type either Intranet or LAN from the drop-down list.

    • Name:
      • If the service type is Intranet, choose from the list of configured intranet services in the drop-down menu.
      • If the service type is LAN, enter a name for the new GRE tunnel or accept the default.
      • Default uses a naming format Appliance-Tunnel-<number> - Where <number> is the number of GRE Tunnels configured for this site, incremented by one.
    • Intranet Service Type - For an Intranet service type, choose Default or ZScaler from the drop-down list.

    • Firewall Zone - Select a firewall zone for the GRE tunnel.

    • Source IP – Select a Source IP Address for the tunnel from the drop-down menu for this field. The menu options are the list of Virtual IP Addresses that you configured for this site. Configure at least one Virtual Interface and one Virtual IP Address before you can configure a LAN GRE Tunnel. For instructions, see the sections, Configuring the Virtual Interface Groups for the Branch Site and Configuring the Virtual IP Addresses for the Branch Site.

    • Public Source IP - Enter the IP address to be used as the source address for packets in the GRE tunnel. The source IP address is the starting point of the GRE tunnel.

    • Destination IP – Enter the IP address to be used as the host destination. The destination IP address is the ending point of the GRE tunnel.

    • Tunnel IP / Prefix – Enter the IP Address and prefix used for the GRE tunnel interface.

    • Checksum – Select the Checksum box to enable Checksum for the tunnel GRE header.

    • Keepalive Periods – Enter the wait time interval (in seconds) between keepalive messages. If configured to 0, no keepalive packets are sent, but the tunnel remains up. The default is 10.

    • Keepalive Retries – Enter the number of keepalive retries the Virtual WAN Appliance must attempt before it brings down the tunnel. The default is 3.
  4. Click Apply. This submits your settings and adds the new GRE Tunnel entry to the table.

    GRE tunnel branch settings

  5. To configure more GRE Tunnels, click + to the right of the GRE Tunnels label, and proceed as per the preceding steps.

The next step is to configure the WAN links for the branch site.

Configure GRE Tunnels for a Branch Site

In this article