You are familiar with the fundamental operation of a virtual private network (VPN), and the concept of tunneling by now. The device at one end of a VPN tunnel takes an IP packet, encrypts it making it unreadable, and then sends the encrypted packet after encapsulating it in a new IP header. The new IP header is needed to route the packet in the unsecured network as the original IP header is now encrypted and unreadable and hence cannot be used for routing.

In this section, we cover configuration for the tunneling part of VPN operation, leaving out the encryption part. This is all you need for your CCNA Routing and Switching exam. The configuration in this section involves the creation of a tunnel, demonstrating how routers encapsulate the original IP packet inside another IP packet. The encapsulated IP packet is not encrypted in the configuration we show in this chapter. This lets us present the basic tunneling configuration while leaving the more specialized security configuration to another more relevant Cisco certification in the security track.

Generic Routing Encapsulation (GRE) is a method to tunnel IP packets between two end points. GRE is an Internet Engineering Task Force (IETF) standard defined in RFC 2784. GRE encapsulates the original IP packet with a new IP header, also appending an additional GRE header.

A GRE tunnel creates the illusion of a point-to-point link between two routers that are otherwise not directly connected to each other. The routers at the two ends of a GRE tunnel use virtual interfaces, known as tunnel interfaces, in place of serial interfaces used by directly connected routers. The virtual interfaces on routers at the two ends of a GRE tunnel are configured with IP addresses from the same subnet.

Because GRE tunnels work pretty much like a serial link between two routers connected directly across a leased line, it is logical to review configuration for directly connected routers first. We will then build on this basic configuration to create a fully fledged GRE configuration providing more or less the same features.

The network shown in Figure 13-3 above is how wide-area networks can be built using leased lines to connect remote sites. This sort of infrastructure is completely private and there is usually not a need to encrypt traffic flowing between sites across leased lines. Also, the network is wholly owned by a single enterprise, allowing the use of private IP addresses even on WAN links.

Referring to Figure 12-3, the two routers are directly connected to each other over a leased line. There are a number of encapsulation options but HDLC is being used, which is also the default serial encapsulation on Cisco routers. There is a /30 subnet in use on the serial link as indicated and the two end points are assigned legitimate IP addresses from the subnet. The choice of /30 subnets provides for only two valid IP addresses and that’s all we need here.

The LAN side of router R1 is using the subnet 10.10.1.0/24 with 10.10.1.1 assigned to the LAN interface that acts as the default gateway for local hosts. Similarly, the LAN side of router R2 is using the subnet 10.10.2.0/24 with 10.10.2.1 assigned to the LAN interface that acts as the default gateway for local hosts.

The router R1 already knows about its directly connected networks but it must also learn about the remote subnet 10.10.2.0/24 via a dynamic routing protocol or static configuration. We have chosen static routing but we could also have used RIP, EIGRP, or OSPF. If you choose to use a dynamic routing protocol, it must be enabled on the serial interface. The same applies to router R2 as well and the configuration shown below should help clarify these concepts. We don’t have to configure encapsulation on serial interfaces as HDLC is already the default encapsulation on serial interfaces.

Generic Routing Encapsulation (GRE) tunnels work just like a serial link, with virtual tunnel interfaces replacing physical serial interfaces.