Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Tunnel

Hi i m new to this cisco platform .. What the following configuration means

interface Tunnel1

description GRE - Mumbai

ip address 10.205.99.209 255.255.255.252

ip ospf network point-to-point

tunnel source FastEthernet0/0

tunnel destination 10.207.42.3

tunnel checksum

hold-queue 4096 out

7 REPLIES
New Member

Re: Tunnel

Hi,

This tunnel1 is an virtual interface created for GRE

source of the tunnel is fa0/0

and destination -tunnel ends 10.207.42.3

rate if it helps

rgds/shiva

New Member

Re: Tunnel

why do we need tunnel. how to configure both local and remote ends..

Bronze

Re: Tunnel

The configs gives a GRE tunnel to destination address 10.207.42.3.This is a sort of logical tunnel link between 2 locations.BOth ends will have to be specified with a source & destination for the tunnel to know where to enter and look for a particular end node.

Although this doesnt give security as gud as wat ipsec gives still it encapsulates the packets ..sort of IP within IP.

You can use tunnels to say connect ur 2 remote end offices located geographically @ different places and want to share/access variety of application either ways without goin all the way thru the internet.

the other end will have same config as above but the tunnel source will change to actual external interface u will use to route the packets out of ur network, also tunnel destination will change to the other ends external entry interface.

Also , u will need to put routes @ either ends pointing the path to your internal nodes.

say, ip route 192.168.2.0 255.255.255.0 tunnel1

where 192.168.2.0 255.255.255.0 is the other ends internal network and tunnel1 is the exit logical interface from where it can reach 192.168.2.0/24 network on the other end.

Hope this clears your thoughts.

Pls rate/mark the post if it helps!!!

Re: Tunnel

When configuring routes, you usually need to overcome "recursive routing".

GRE is configured with, and knows of the tunnel endpoints, but sees the path to the far-side tunnel endpoint as being via the tunnel itself (recursive routing).

We need to provide an alternative (typically a static host route) that tells GRE to reach the far-side tunnel endpoint by way of a "physical" interface.

i.e.: reach the far-side tunnel endpoint aaa.bbb.ccc.ddd (on a different network) by way of our default gateway (next hop).

e.g.:

ip route 255.255.255.255 2

Usually, you will use dynamic routing protocols to populate the routing tables with routes to the far side network(s). So, "192.168.2.0 255.255.255.0 via tunnel1" would be a dynamically learned route, and not a static configured route.

Also, the tunnel endpoints do NOT have to be the external physical interface addresses. It is not uncommon to use Loopback interfaces as the GRE tunnel endpoints.

These addresses can be private addresses when GRE is encapsulated within IPSec (ESP Tunnel Mode) because the outermost IP header would be using globally routable external interface addresses.

Re: Tunnel

GRE is a tunneling protocol used to create virtual point-to-point links. It encapsulates network layer packets inside an IP tunneling packet. It is often used to extend dynamic routing (or other multicast traffic) between sites.

The 255.255.255.252 mask, and the point-to-point portion of the "ip ospf network point-to-point" command suggest that you are running the GRE tunnel over a physical serial interface.

The tunnel source and destination convey the logical entry and exit points of the GRE tunnel. It is these addresses that will be used in the GRE encapsulation header.

Tunnel checksumming provides packet integrity for passenger protocols that don't provide integrity checking for themselves. With this feature enabled, the router will drop corrupted packets (i.e.: those with bad checksums).

New Member

Re: Tunnel

Thks for your reply.. why do we need tunnel? how will u configure in local and remote end?

Re: Tunnel

You'd have to look at the configuration to determine what traffic is being encapsulated by the tunnel to determine why it is in use at your site.

In our case, we are using GRE to encapsulate dynamic routing protocols between remote sites to extend the routing domain.

Multicast traffic is often the driving need.

E.G.: Standard IPSec configurations don't support multicast traffic, so the multicast traffic is encapsulated in GRE, which is then encapsulated within IPSec (usually ESP).

GRE may also be used to encapsulate non-IP traffic through an IP infrastructure).

If you want to know how to configure it, you might want to take a look at the configuration on your device, or download some GRE related documentation from the Cisco web site.

140
Views
3
Helpful
7
Replies
CreatePlease to create content