ESR Series Routers Operation Manual
7.17  GRE tunnel configuration 
GRE (Generic Routing Encapsulation) is a network packet tunnelling protocol. Its main purpose is to
encapsulate packets of the OSI model network layer into IP packets. GRE may be used to establish a VPN
at layer 3 of the OSI model. ESR routers implement static, unmanaged GRE tunnels, i.e. tunnels are
created manually via configuration on the local and remote hosts. The tunnel parameters on each side
must be mutually consistent, otherwise transferred data will not be decapsulated by the partner.
Objective: Establish an L3 VPN between company offices over an IP network, using the GRE protocol for
traffic tunnelling.
  IP address 115.0.0.1 is used as the local gateway for the tunnel
  IP address 114.0.0.10 is used as the remote gateway for the tunnel
  IP address of the tunnel at the local side is 25.0.0.1/24
 
Fig. 7.19—Network structure 
Solution: 
Create the GRE 10 tunnel:
esr(config)# tunnel gre 10 
Specify the local and remote gateways (IP addresses of the WAN border interfaces):
esr(config-gre)# local address 115.0.0.1 
esr(config-gre)# remote address 114.0.0.10 
Specify the tunnel IP address 25.0.0.1/24:
esr(config-gre)# ip address 25.0.0.1/24 
The tunnel must also belong to a security zone so that rules allowing traffic to pass through the
firewall can be created. To assign the tunnel to a zone, use the following command:
esr(config-gre)# security-zone untrusted 
Enable the tunnel:
esr(config-gre)# enable 
esr(config-gre)# exit 
Create a route to the partner's local area network on the router. Specify the previously created GRE
tunnel as the destination interface.
esr(config)# ip route 172.16.0.0/16 tunnel gre 10
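The requirement that tunnel parameters match on both sides can be checked before the configuration is applied. The Python script below is an added example, not part of the original manual: it parses the GRE tunnel commands shown above from both routers and lists any mismatches. The remote-side configuration, its tunnel address 25.0.0.2/24 and the function names are assumptions made for the example.

```python
import ipaddress
import re

# LOCAL_CFG: this section's commands. REMOTE_CFG: constructed (25.0.0.2/24 assumed).
LOCAL_CFG = """tunnel gre 10
local address 115.0.0.1
remote address 114.0.0.10
ip address 25.0.0.1/24
security-zone untrusted
enable
exit"""
REMOTE_CFG = """tunnel gre 10
local address 114.0.0.10
remote address 115.0.0.1
ip address 25.0.0.2/24
security-zone untrusted
enable
exit"""
REQUIRED = ("local address", "remote address", "ip address", "security-zone", "enable")
SETTING = re.compile(r"(local address|remote address|ip address|security-zone) (\S+)")

def parse_gre(cfg):
    """Return {tunnel_id: settings} for each 'tunnel gre N' block in cfg."""
    tunnels, cur = {}, None
    for raw in cfg.splitlines():
        line = re.sub(r"^esr\S*#\s*", "", raw.strip())  # accept pasted prompts
        if m := re.fullmatch(r"tunnel gre (\d+)", line):
            cur = tunnels.setdefault(int(m.group(1)), {})
        elif line == "exit" or cur is None:
            cur = None  # outside a tunnel block: ignore the line
        elif line == "enable":
            cur["enable"] = True
        elif m := SETTING.fullmatch(line):
            cur[m.group(1)] = m.group(2)
    return tunnels

def check_pair(a, b):
    """List mismatches between the two ends of a tunnel; empty means consistent."""
    ends = (("A", a), ("B", b))
    problems = [f"{n}: '{k}' not set" for n, s in ends for k in REQUIRED if k not in s]
    if problems:
        return problems  # incomplete configurations cannot be compared
    for x, y in (("local address", "remote address"), ("remote address", "local address")):
        if a[x] != b[y]:
            problems.append(f"A {x} != B {y}")
    ia, ib = (ipaddress.ip_interface(s["ip address"]) for s in (a, b))
    if ia.network != ib.network or ia.ip == ib.ip:
        problems.append("tunnel addresses must be distinct hosts in one subnet")
    return problems
```

Call check_pair(parse_gre(LOCAL_CFG)[10], parse_gre(REMOTE_CFG)[10]); an empty list means the two ends agree.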