Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE)
Digi Connect IT® 4 User Guide
418
Example: GRE tunnel over an IPSec tunnel
The Connect IT 4 device can be configured as an advertised set of routes through an IPSec tunnel. This
allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec
tunnel.
The example configuration provides instructions for configuring the Connect IT 4 device with a
GREtunnel through IPsec.
Connect IT 4-1 configuration tasks
1. Create an IPsec tunnel named ipsec_gre1 with:
n A pre-shared key.
n Remote endpoint set to the public IP address of the Connect IT 4-2 device.
n A policy with:
l Local network set to the IP address and subnet of the local GRE tunnel,
172.30.0.1/32.
l Remote network set to the IP address and subnet of the remote GRE tunnel,
172.30.0.2/32.
2. Create an IPsec endpoint interface named ipsec_endpoint1:
a. Zone set to Internal.
b. Device set to Ethernet: Loopback.
c. IPv4 Address set to the IP address of the local GRE tunnel, 172.30.0.1/32.
3. Create a GRE tunnel named gre_tunnel1:
a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint1.
b. Remote endpoint set to the IP address of the GRE tunnel on Connect IT 4-2, 172.30.0.2.
4. Create an interface named gre_interface1 and add it to the GRE tunnel:
a. Zone set to Internal.
b. Device set to IP tunnel: gre_tunnel1.
c. IPv4 Address set to a virtual IP address on the GRE tunnel, 172.31.0.1/30.
Connect IT 4-2 configuration tasks
1. Create an IPsec tunnel named ipsec_gre2 with:
n The same pre-shared key as the ipsec_gre1 tunnel on Connect IT 4-1.
n Remote endpoint set to the public IP address of Connect IT 4-1.
n A policy with:
l Local network set to the IP address and subnet of the local GRE tunnel,
172.30.0.2/32.
l Remote network set to the IP address of the remote GRE tunnel, 172.30.0.1/32.
2. Create an IPsec endpoint interface named ipsec_endpoint2:
a. Zone set to Internal.
b. Device set to Ethernet: Loopback.
c. IPv4 Address set to the IP address of the local GRE tunnel, 172.30.0.2/32.
To Next Page
Loading...
