How to Forward GRE Traffic over IPSec VPN Tunnel

Upload: adrian-maftei

Post on 02-Jun-2018


  • 8/10/2019 How to Forward GRE Traffic Over IPSec VPN Tunnel

    How To - Forward GRE Traffic over IPSec VPN Tunnel

    Applicable Version: 10.00 onwards

    Overview

    Generic Routing Encapsulation (GRE) is a simple IP packet encapsulation protocol. GRE tunnels are
    mainly used to carry other routed protocols across a predominantly IP network. They remove the
    need for any protocol other than IP for data transfer, which reduces overhead on the network
    administrator's part. Non-IP protocols such as IPX and AppleTalk are tunnelled through the IP core
    via GRE. GRE by itself does not encrypt or authenticate the traffic it carries.

    Generally, GRE tunnels are used in the following scenarios:

    - To carry Multicast traffic just like real network interface traffic.

    - To carry non-routable protocol traffic like NetBIOS or non-IP traffic over IP network.

    - To link two similar networks which are connected with different IP addressing

    Scenario

    Create an IPSec tunnel between a Head Office network and a Branch Office network. The clients at
    the Branch Office are to connect to the Head Office Media Server, so a GRE tunnel is created over
    the IPSec connection to allow transfer of multicast traffic between the Head Office and Branch
    Office. The network scenario is described in the diagram below.


    Network Schema

    Parameter                  Branch Office       Head Office
    Cyberoam WAN IP Address    202.134.168.208     202.134.168.202
    LAN IP                     172.50.50.2         172.16.16.10
    LAN Subnet                 172.50.50.0/24      172.16.16.0/24
    GRE Tunnel Virtual IP      5.5.5.1             5.5.5.2

    Media Server:
    Source IP                  172.16.16.2
    Multicast IP               225.0.0.1

    Configuration

    To forward GRE traffic over an IPSec VPN connection, follow the steps given below. The configuration
    is to be done from the Web Admin Console using the Administrator profile.

    Step 1: Create IPSec VPN Tunnel

    Create an IPSec VPN tunnel between the Head Office and Branch Office. To know how to create an

    IPSec VPN connection, refer to the article How To - Establish Site-to-Site IPSec Connection using

    Preshared Key.

    Note:

    In the IPSec configuration:

    - Make sure that the WAN IP of the Head Office Cyberoam is included in the Trusted Local Subnet at
      the Head Office side and in the Trusted Remote Subnet at the Branch Office side.

    - Similarly, make sure that the WAN IP of the Branch Office Cyberoam is included in the Trusted
      Local Subnet at the Branch Office side and in the Trusted Remote Subnet at the Head Office side.

    Step 2: Create GRE Tunnel

    Create a GRE Tunnel between the Head Office and the Branch Office. To know how to create a GRE
    tunnel, refer to the article How To - Configure a GRE Tunnel on Cyberoam.

    Step 3: Enable Multicast Forwarding in Cyberoam

    Enable Multicast Forwarding on Cyberoam by going to Network > Static Route > Multicast and
    checking Enable Multicast Forwarding, as shown below.


    Step 4: Add Static Multicast Routes

    Add static multicast routes both at the Head Office and Branch Office.

    Head Office

    Go to Network > Static Route > Multicast and click Add to add a new multicast route using the
    parameters given below.

    Parameter Description

    Parameter               Value                       Description
    Source IP Address       172.16.16.2                 Specify Source IP Address.
    Source Interface        PortA - 172.16.16.10        Select Source Interface from the list.
    Multicast Address       225.0.0.1                   Specify range of Multicast IP Address.
    Destination Interface   gre_tunnel_ho - 5.5.5.2     Select Destination Interface from the list.
                                                        You can select more than one destination
                                                        interface.


    Branch Office

    Go to Network > Static Route > Multicast and click Add to add a new multicast route using the
    parameters given below.


    Parameter Description

    Parameter               Value                       Description
    Source IP Address       172.16.16.2                 Specify Source IP Address.
    Source Interface        gre_tunnel_bo - 5.5.5.1     Select Source Interface from the list.
    Multicast Address       225.0.0.1                   Specify range of Multicast IP Address.
    Destination Interface   PortA - 172.50.50.2         Select Destination Interface from the list.
                                                        You can select more than one destination
                                                        interface.

    Note:

    Make sure that Firewall Rules allowing traffic from LAN to VPN and vice versa are present. If they are

    not present, create them manually. They are necessary for the VPN connections to function properly.

    The above configuration forwards all GRE traffic to the IPSec VPN connection between the Head Office and Branch Office.
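
    Added example (not part of the original Cyberoam article): a Python illustration of why the note in Step 1 asks for the WAN IPs in the trusted subnets. It assumes the GRE tunnel endpoints are the two Cyberoam WAN IP addresses and models the Trusted Local/Remote Subnet lists as plain CIDR lists; the UDP port and all function names are constructed for illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47  # IP protocol number for GRE

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Wrap an IPv4 packet in a basic GRE header (RFC 2784, no options)."""
    gre = struct.pack("!HH", 0, 0x0800)  # flags/version 0, payload type IPv4
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO,
                       len(gre) + len(inner)) + gre + inner

def outer_flow(packet):
    """(src, dst, proto) of the outermost header, as a policy lookup sees it."""
    return (ipaddress.IPv4Address(packet[12:16]),
            ipaddress.IPv4Address(packet[16:20]), packet[9])

def in_any(ip, subnets):
    return any(ip in ipaddress.ip_network(n) for n in subnets)

def matches_selectors(packet, local_subnets, remote_subnets):
    """True if outer src/dst fall inside the trusted local/remote subnets."""
    src, dst, _ = outer_flow(packet)
    return in_any(src, local_subnets) and in_any(dst, remote_subnets)

# Addresses from the Network Schema, seen from the Head Office side.
# Assumption: the GRE tunnel is built between the two WAN IP addresses.
HO_WAN, BO_WAN = "202.134.168.202", "202.134.168.208"
HO_LAN, BO_LAN = "172.16.16.0/24", "172.50.50.0/24"

# Constructed sample: an empty UDP datagram from the media server to the group.
udp = struct.pack("!HHHH", 5004, 5004, 8, 0)
multicast = ipv4_header("172.16.16.2", "225.0.0.1", 17, len(udp)) + udp
gre_packet = gre_encapsulate(multicast, HO_WAN, BO_WAN)

# LAN subnets only: the GRE packet (WAN -> WAN) is outside the IPSec policy.
LAN_ONLY = matches_selectors(gre_packet, [HO_LAN], [BO_LAN])
# WAN IPs added as in Step 1: the GRE packet now matches and is protected.
WITH_WAN = matches_selectors(gre_packet, [HO_LAN, HO_WAN + "/32"],
                             [BO_LAN, BO_WAN + "/32"])
```

    The raw multicast packet (172.16.16.2 to 225.0.0.1) does not match the LAN-to-LAN selectors either, which is why it is wrapped in GRE first; once wrapped, only the outer WAN-to-WAN addresses are visible to the IPSec policy.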

    Document Version: 2.0 07/05/2013