Secured Connectivity
Configuring GRE Tunnels
© 2007 Cisco Systems, Inc. All rights reserved. SNRS v2.0—4-1
Generic Routing Encapsulation
RFCs 1701, 1702, 2784
Uses IP protocol 47 when encapsulated within IP
Allows passing of routing information between connected networks
Default GRE Characteristics
Packet layout: IP | GRE | IP | TCP | Data
GRE header fields:
Flags: identifies the presence of optional header fields
Protocol Type: identifies the type of payload; Ethertype 0x800 is used for IPv4.
Tunneling of arbitrary OSI Layer 3 payload is the primary goal of GRE
Stateless (no flow control mechanisms)
No security (no confidentiality, data authentication, or integrity assurance)
24-B overhead by default (20-B IP header and 4-B GRE header)
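The header layout above, as an added example that is not part of the original course material: a Python parser that checks the outer IPv4 header for protocol 47, decodes the GRE flags and protocol type, and derives the encapsulation overhead. The optional checksum, key and sequence fields (RFC 2784 and RFC 2890) go beyond what the slide lists, and the sample packets are constructed, not captured.

```python
import socket
import struct

GRE_PROTO = 47                      # IP protocol number carried in the outer header
OPTIONAL = ((0x8000, "checksum"), (0x2000, "key"), (0x1000, "sequence"))
UNSUPPORTED = 0x4000 | 0x0007       # RFC 1701 routing bit, non-zero version

def parse_gre(packet: bytes) -> dict:
    """Decode an outer IPv4 header plus GRE header and report tunnel overhead."""
    if len(packet) < 24:
        raise ValueError("too short for IPv4 + GRE")
    if packet[0] >> 4 != 4:
        raise ValueError("outer header is not IPv4")
    ip_len = (packet[0] & 0x0F) * 4
    if ip_len < 20 or packet[9] != GRE_PROTO:
        raise ValueError("not a GRE-in-IPv4 packet")
    if len(packet) < ip_len + 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack_from("!HH", packet, ip_len)
    if flags & UNSUPPORTED:
        raise ValueError("routing bit or non-zero GRE version not handled")
    present = [name for bit, name in OPTIONAL if flags & bit]
    gre_len = 4 + 4 * len(present)  # each optional field adds one 32-bit word
    if len(packet) < ip_len + gre_len:
        raise ValueError("truncated GRE options")
    return {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "payload_type": ptype,
        "optional_fields": present,
        "gre_header_len": gre_len,
        "overhead": ip_len + gre_len,
    }

def build_sample(flags: int = 0, options: bytes = b"", proto: int = GRE_PROTO) -> bytes:
    """Constructed test packet using the tunnel endpoints from the slides."""
    inner = b"\x45" + bytes(19)     # placeholder inner IPv4 header, not a real capture
    gre = struct.pack("!HH", flags, 0x0800) + options
    total = 20 + len(gre) + len(inner)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                        socket.inet_aton("172.30.1.2"), socket.inet_aton("172.30.6.2"))
    return outer + gre + inner

if __name__ == "__main__":
    print(parse_gre(build_sample()))
    print(parse_gre(build_sample(0x2000, struct.pack("!I", 42))))
```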
Deployment Scenario
Figure: Corporate Headquarters (Workplace Resources) connected to a Remote Office (Remote Users) by a GRE tunnel across the Internet.
Configuring a GRE Tunnel
Create and identify the tunnel interface.
Configure the tunnel interface source address.
Configure the tunnel interface destination address.
Bring up tunnel interface (administratively).
Configure routes.
Configure a Tunnel
Figure: Site 1 (10.0.1.0, host A 10.0.1.12) - R1 (172.30.1.2) - Internet - R6 (172.30.6.2) - Site 2 (10.0.6.0, host B 10.0.6.12)
R1(config)#interface tunnel 0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#tunnel source Fa0/1
R1(config-if)#tunnel destination 172.30.6.2
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip route 10.0.6.0 255.255.255.0 tunnel 0
Configure a Tunnel
R1(config)#interface tunnel 0
R1(config-if)#ip address 3.3.3.1 255.255.255.0
R1(config-if)#tunnel source Fa0/1
R1(config-if)#tunnel destination 172.30.6.2
R1(config)#router eigrp 1
R1(config-router)#network 3.3.3.0 0.0.0.255
R1(config-router)#network 10.0.1.0 0.0.0.255
Verifying GRE Tunnels
R1# show ip interface brief
R1# show interfaces tunnel 0
GRE/IPsec
Tunnel mode example (encrypted payload marked in the figure): IP | ESP | IP | GRE | IP | TCP | Data | ESP
Transport mode example (encrypted payload marked in the figure): IP | ESP | GRE | IP | TCP | Data | ESP
GRE encapsulates arbitrary payload.
IPsec encapsulates the unicast IP packet (GRE):
– Tunnel mode (default): IPsec creates a new tunnel IP packet.
– Transport mode: IPsec reuses the IP header of the GRE packet (20 B less overhead).
GRE with Encryption Example
Figure: Site 1 (10.0.1.0, host A 10.0.1.12) - R1 (172.30.1.2) - GRE/IPsec tunnel across the Internet - R6 (172.30.6.2) - Site 2 (10.0.6.0, host B 10.0.6.12)
R1(config)#interface tunnel 0
R1(config-if)#ip address 3.3.3.1 255.255.255.0
R1(config-if)#tunnel source Fa0/1
R1(config-if)#tunnel destination 172.30.6.2
R1(config)#interface Fa0/1
R1(config-if)#crypto map SNRS-MAP
R1(config)#access-list 101 permit gre host 172.30.1.2 host 172.30.6.2
R1(config)#router eigrp 1
R1(config-router)#network 3.3.3.0 0.0.0.255
R1(config-router)#network 10.0.1.0 0.0.0.255
Summary
GRE was developed to encapsulate a wide variety of protocol packet types inside IP tunnels.
GRE can be used in conjunction with IPsec to pass routing updates between sites on an IPsec VPN.
Several simple steps are required to configure a GRE tunnel.
Use the show interfaces command to verify tunnel configuration.
You can configure encryption so that all traffic through the GRE tunnel is encrypted.