The routers will start using the tunnel interfaces to route packets to the remote subnets The tunnel configuration is complete but we need to test whether it can pass user traffic or not.
There are some invaluable show commands that can be used for tunnel verification. A good starting point for GRE tunnel verification is the good old show ip interface brief command. The show interfaces tunnel command provides a lot of useful information including interface status and configuration settings as highlighted in output below:. We seem to have a working tunnel interface according to the verification commands used so far. However, a router will not send any packets over the tunnel until the routing table tells router to do so.
We need to have local routes to remote subnets pointing to the tunnel in order to make the router send packets over the tunnel. In this example, we are using static routing configuration to do so. We can run a traceroute to verify that traffic passes through the tunnel and find out the path taken by packets:. R1 traceroute Protocol [ip]: Target IP address: Tracing the route to You may have noticed that the traceroute does not list any IP addresses on the serial interfaces of routers though the traffic physically passes through them.
The reason is that the packets sent by traceroute are encapsulated before being sent from R1 to R2. Any other user packets between Site A and Site B are also treated in a similar fashion. Home Guides About Blog Shop. The routing tables of two routers show that they are directly connected via GRE Tunnel.
This process is called encapsulation. In the example above when R1 receives an IP packet, it wraps the whole packet with a GRE header and a delivery header. The delivery header includes new source IP address of It is important to note that the GRE tunnel does not encrypt the packet, only encapsulate it. When the GRE packet arrives at the other end of the tunnel R2 in this case , the receiving router R2 needs to remove the GRE header and delivery header to get the original packet.
For example in this case R1 must know how to reach Now you learned the basis of GRE Tunnel. It is important to show you the related GRE configuration of the example above. Suppose OSPF is used in our company. In the above R1 configuration, the command interface tunnel0 create the virtual tunnel 0 interface, which is called a tunnel interface. We can use any number. The next line assigns the IP address for the tunnel interface: The IP addresses of two tunnel interfaces must be in the same subnet Chapter 2: Securing the Network.
Secure Network Design Example. Securing Network Devices. AAA System Components. Testing AAA Configuration. Chapter 5: Securing Cisco Perimeter Routers. Perimeter Router Terms and Concepts. Denial of Service Attacks. Unauthorized Access. Lack of Legal IP Addresses. Rerouting Attacks. Event Logging on Perimeter Routers. IOS Firewall Management. Initializing the Post Office. Creating and Applying Audit Rules. Verifying the IDS Configuration. AAA Server Configuration.
AAA Router Configuration. Authentication Proxy Configuration on the Router. Verify Authentication Proxy Configuration. Virtual Private Networks. How IPSec Works. Security Association SA. Configuring IPSec Manually. CA Support Overview. Configure CA Support Tasks. Cisco VPN 3. Preconfiguring the Cisco VPN 3. Digital Certificates. Administer and Monitor Remote Access Networks. The VPN in the Network. Configuring the Device. Common Configuration Tasks.
Basic Configuration for the VPN Auto-Update Feature. NAT Issues. NAT Transparency. Firewall and Firewall Security Systems.
Syslog Configuration.
0コメント