Configure BGP in a GRE over IPSec

• Palo Alto Firewalls
• PANOS- 9.1 and above
• BGP configuration
• GRE over IPSEC tunnel using loopback

1. Configure GRE over IPsec using loopback
2. Configure IP address to GRE tunnel interface, in our example we are assigning IP address 172.16.2.1 for the local firewall and 172.16.2.2 for the remote side.
3. Navigate to Network > Interfaces > Tunnel 

4. Configure BGP on a firewall by using GRE interface for BGP neighborship, navigate to Network > Virtual Routers > Default > BGP >  
   •  Enable BGP, set the AS number (using AS as 65201 and remote as 65200), and provide router ID

5. Navigate to Peer Group > Add > Provide name and click add, give it a name, and select Peer AS 65200 and local address Interface as GRE tunnel interface which is a tunnel.2

• In this example, select GRE interface IP as IP and enter remote peer IP address then click OK and commit.
• Configure the other side accordingly.

6. Verify BGP peering status by running command "show routing protocol bgp peer peer-name <name>"

adminn@PA-FW1> show routing protocol bgp peer peer-name gre 

  ==========
  Peer:                          gre (id 1)
  virtual router:                default
  Peer router id:                172.16.2.2
  Remote AS:                     65200
  Peer group:                    gre-ipsec (id 1)
  Peer status:                   Established, for 2246 seconds
  Password set:                  no
  Passive:                       no
  Multi-hop TTL:                 1
  Remote Address:                172.16.2.2:179
  Local Address:                 172.16.2.1:45127