Generic routing encapsulation – also known as GRE – has a wide range of benefits. For example, one of the main benefits is that it is able to accommodate any transport protocol (IPv4 or IPv6). See below for an example of configuring GRE tunnels, with a network diagram for clarity.

When we issue the interface tunnel command, we create a logical interface on the router and name it appropriately. Please be aware that the tunnel numbers do not have to match; for example, on R2 it could be Tunnel 101 instead of 100. But we would advise using the same numbering for easy manageability.

The “tunnel source” command allows you to specify which interface you want the GRE tunnel to be initiated from; for example, we chose our internet-facing interface, which is FastEthernet 0/0. Lastly, the tunnel destination command is quite self-explanatory: it is the address we want to terminate the tunnel on, so for us it was R2's internet-facing IP address of 2.2.2.2, from R1's perspective.

Please also see the MTU and TCP ADJUST-MSS commands we have added to the tunnel interfaces to take the TCP/GRE overheads into consideration.

Now all we have to do is add routes so that the LANs can talk to each other; this can be seen at the bottom of the R1 and R2 config panes.

You are familiar with the fundamental operation of a virtual private network (VPN) and the concept of tunneling by now. The device at one end of a VPN tunnel takes an IP packet, encrypts it, making it unreadable, and then sends the encrypted packet after encapsulating it in a new IP header. The new IP header is needed to route the packet in the unsecured network, as the original IP header is now encrypted and unreadable and hence cannot be used for routing.

In this section, we cover configuration for the tunneling part of VPN operation, leaving out the encryption part. This is all you need for your CCNA Routing and Switching exam. The configuration in this section involves the creation of a tunnel, demonstrating how routers encapsulate the original IP packet inside another IP packet. The encapsulated IP packet is not encrypted in the configuration we show in this chapter. This lets us present the basic tunneling configuration while leaving the more specialized security configuration to another, more relevant Cisco certification in the security track.

Generic Routing Encapsulation (GRE) is a method to tunnel IP packets between two end points. GRE is an Internet Engineering Task Force (IETF) standard defined in RFC 2784. GRE encapsulates the original IP packet with a new IP header, also appending an additional GRE header.

A GRE tunnel creates the illusion of a point-to-point link between two routers that are otherwise not directly connected to each other. The routers at the two ends of a GRE tunnel use virtual interfaces, known as tunnel interfaces, in place of the serial interfaces used by directly connected routers. The virtual interfaces on routers at the two ends of a GRE tunnel are configured with IP addresses from the same subnet.

Because GRE tunnels work pretty much like a serial link between two routers connected directly across a leased line, it is logical to review the configuration for directly connected routers first. We will then build on this basic configuration to create a fully fledged GRE configuration providing more or less the same features.

The network shown in Figure 13-3 above is how wide-area networks can be built using leased lines to connect remote sites. This sort of infrastructure is completely private and there is usually not a need to encrypt traffic flowing between sites across leased lines. Also, the network is wholly owned by a single enterprise, allowing the use of private IP addresses even on WAN links. Referring to Figure 12-3, the two routers are directly connected to each other over a leased line. There are a number of encapsulation options, but HDLC is being used, which is also the default serial encapsulation on Cisco routers. There is a /30 subnet in use on the serial link as indicated, and the two end points are assigned legitimate IP addresses from the subnet. The choice of /30 subnets provides for only two valid IP addresses, and that’s all we need here.
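
As an added example (not code from the original page), this Python sketch performs the encapsulation the text describes: a new outer IP header and a GRE header placed in front of the untouched original packet. It shows the 24 bytes of overhead that the MTU and TCP adjust-MSS settings account for, and that the inner packet can be read back without any key. The 1500-byte path MTU, the R1 address 1.1.1.1 and the LAN addresses are assumptions; only 2.2.2.2 comes from the text.

```python
import ipaddress
import struct

GRE_PROTO, ETHERTYPE_IPV4 = 47, 0x0800   # IP protocol number for GRE; GRE payload type
IP_HDR, GRE_HDR, TCP_HDR = 20, 4, 20     # header sizes without options (base RFC 2784 GRE)

def checksum(data: bytes) -> int:
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (TTL 64, no options) with a valid checksum."""
    fields = [0x45, 0, IP_HDR + payload_len, 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """New outer IP header + GRE header + the original packet, byte for byte."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no flags, version 0
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, GRE_HDR + len(inner)) + gre + inner

def gre_decapsulate(outer: bytes) -> bytes:
    """Strip the outer IP and GRE headers; no key is needed because nothing is encrypted."""
    ihl = (outer[0] & 0x0F) * 4
    flags, ptype = struct.unpack("!HH", outer[ihl:ihl + GRE_HDR])
    if outer[9] != GRE_PROTO or flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("not a base-header GRE packet carrying IPv4")
    return outer[ihl + GRE_HDR:]

def tunnel_sizes(path_mtu: int = 1500) -> tuple:
    """Largest inner packet and TCP MSS that cross the tunnel unfragmented."""
    tunnel_mtu = path_mtu - IP_HDR - GRE_HDR
    return tunnel_mtu, tunnel_mtu - IP_HDR - TCP_HDR

# Constructed sample: a UDP datagram between two LAN hosts (addresses assumed),
# tunnelled from 1.1.1.1 (assumed address for R1) to 2.2.2.2 (R2, from the text).
data = b"user=alice;pin=1234"
udp = struct.pack("!HHHH", 40000, 514, 8 + len(data), 0) + data  # checksum 0 = unused
inner = ipv4_header("192.168.1.10", "192.168.2.10", 17, len(udp)) + udp
outer = gre_encapsulate(inner, "1.1.1.1", "2.2.2.2")

if __name__ == "__main__":
    print("overhead bytes:", len(outer) - len(inner))
    print("tunnel MTU, MSS:", tunnel_sizes())
    print("payload visible on the wire:", data in outer)
    print("recovered inner packet intact:", gre_decapsulate(outer) == inner)
```

Because the original packet sits in the clear behind the GRE header, a tunnel that crosses an untrusted network needs a separate encryption layer to keep its contents confidential.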