Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

GRE Tunnels...which interface is the best to use as the source.

Hello,

can anyone please give a quick answer as to which interface is best to use as the source of a GRE tunnel? I have seen Loopback, Serial, and Ethernet used in sample configs and posted questions. Currently, our routers use IPSec in tunnel mode from serial to serial and I am looking to switch to GRE/IPsec tunnels and use the serial interfaces as the sources/destinations, unless there is good reason to use another interface....Any thoughts or links to some good reading would be appreciated.

Thanks,

John.

3 REPLIES
Community Member

Re: GRE Tunnels...which interface is the best to use as the sour

Hi John,

The loopback interface as tunnel source and destination will be the best.

The loopback interface will never going down and if you have several internet links , one link down will not affect the GRE/IPSEC tunnel.

The only problem with using loopback interface ip address is " the IP address must routable". First, you need make sure two peers can ping each other through loopback to loopback before config GRE with IPSEC.

Here is a sample config:

http://www.cisco.com/warp/customer/707/ipsec_gre.shtml

Best Regards,

Community Member

Re: GRE Tunnels...which interface is the best to use as the sour

Thank you for the response. Is this the only plus to using the loopback interface (that it and the tunnel will not go down?). Each router I am working with has only one internet connection through the serial interface and 34 tunnel interfaces (35 total routers). My intention was to use the serial interfaces for sources/destinations so that the tunnel would go down if any serial interface went down (and dynamic routing can try to find another route over a different tunnel, if possible). Is this OK for this situation?

Thanks again for the help...

Community Member

Re: GRE Tunnels...which interface is the best to use as the sour

Yes, In your situation, only has one internet connection through the serail interface. Had better use that ip address as tunnel source.

And also it is easy for routing protocol to detect tunnel interface down (when serial interface).

Best Regards,

209
Views
0
Helpful
3
Replies
CreatePlease to create content