ESR series service routers. ESR-Series. User manual
• Specify a unique identifier:
esr(config-gre)# key 15808
• Specify DSCP, MTU, TTL values:
esr(config-gre)# dscp 44
esr(config-gre)# mtu 1426
esr(config-gre)# ttl 18
• Enable and configure keepalive mechanism:
esr(config-gre)# keepalive enable
esr(config-gre)# keepalive timeout <TIME>
esr(config-gre)# keepalive retries <VALUE>
To view the tunnel status, use the following command:
esr# show tunnels status gre 10
To view sent and received packet counters, use the following command:
esr# show tunnels counters gre 10
To view the tunnel configuration, use the following command:
esr# show tunnels configuration gre 10
IPv4-over-IPv4 tunnel configuration is performed in the same manner.
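One way to confirm on a packet capture that the key, DSCP and TTL settings above took effect, as an added example that is not part of the manual: it decodes the outer IPv4 header and the GRE header and compares them with key 15808, DSCP 44 and TTL 18. It assumes the dscp and ttl settings apply to the outer IPv4 header; the function names and the sample packet are constructed for illustration.

```python
import struct

# Expected values taken from the configuration commands above.
EXPECTED = {"key": 15808, "dscp": 44, "ttl": 18}
GRE_PROTO = 47  # IP protocol number of GRE

def parse_gre_packet(pkt: bytes) -> dict:
    """Decode the outer IPv4 header and the GRE header (RFC 2784/2890)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 4:
        raise ValueError("truncated packet")
    out = {"dscp": pkt[1] >> 2, "ttl": pkt[8], "ip_proto": pkt[9]}
    if out["ip_proto"] != GRE_PROTO:
        raise ValueError("outer protocol is not GRE")
    flags, out["payload_proto"] = struct.unpack_from("!HH", pkt, ihl)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    off = ihl + 4
    if flags & 0x8000:  # C bit: checksum + reserved field present
        off += 4
    out["key"] = None
    if flags & 0x2000:  # K bit: 32-bit key present
        if len(pkt) < off + 4:
            raise ValueError("truncated GRE key")
        (out["key"],) = struct.unpack_from("!I", pkt, off)
        off += 4
    if flags & 0x1000:  # S bit: sequence number present
        off += 4
    out["payload_offset"] = off
    return out

def mismatches(pkt: bytes, expected: dict = EXPECTED) -> list:
    """Return the names of fields that differ from the configured values."""
    seen = parse_gre_packet(pkt)
    return [name for name, want in expected.items() if seen[name] != want]

def build_sample(key=15808, dscp=44, ttl=18) -> bytes:
    """Constructed sample: outer IPv4 (RFC 5737 addresses) + keyed GRE header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 28, 0, 0, ttl,
                     GRE_PROTO, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + struct.pack("!HHI", 0x2000, 0x0800, key)

if __name__ == "__main__":
    print(mismatches(build_sample()))               # matches the configuration
    print(mismatches(build_sample(key=1, ttl=64)))  # key and TTL differ
```

A packet from a peer whose tunnel has no key configured is reported as a `key` mismatch, because the K bit is clear and no key field is present.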
9.2 DMVPN configuration
DMVPN (Dynamic Multipoint Virtual Private Network) is a technology for creating virtual private networks
with the ability to dynamically create tunnels between hosts. The advantage of this solution is its high
scalability and ease of setup when connecting branches to the head office. DMVPN is used in the
Hub-and-Spoke topology and allows direct Spoke-to-Spoke VPN tunnels to be built in addition to the usual
Spoke-to-Hub tunnels. This means that branches can communicate with each other directly, without the
need for traffic to pass through the Hub.
To establish such a connection, clients (NHC) send their internal (tunnel) address and external (NBMA)
address to the NHRP server (NHS) over an encrypted IPsec tunnel. When a client wants to connect to another
NHC, it sends a request to the server to find out that NHC's external address. Having received a response
from the server, the client can establish a connection to the remote branch on its own.
When creating the tunnel, allow the GRE protocol (IP protocol number 47) in the firewall.