1.) A GRE tunnel is used to encapsulate private or non-routable data packets that are generated on a private network, which will then be forwarded over a public domain to another private network. For example, a branch office of a company that does not have a dedicated circuit back to the company headquarters, but instead only has a connection to the public Internet. The GRE tunnel is used to encapsulate the private traffic and "hide" the private addresses from the ISP routing domain.
Under the GRE tunnel interface that you will configure on your VPN router, you will define the tunnel source address and tunnel destination address - the so-called tunnel endpoints. If the packet is being routed over a public internet, the tunnel endpoints must consist of global public addresses that are routable over the public domain.
2.) In a hub-and-spoke VPN topology, a point-to-point GRE tunnel is one that provides a direct connection with its tunnel peer only. In a point-to-multipoint configuration (mGRE), the spoke router can communicate directly to the hub or to another spoke. NHRP is used to facilitate mGRE.
3.) A GRE keepalive is a mechanism used by peer routers to ensure that the distant-end tunnel interface is still reachable. Remember that tunnel interfaces are virtual and are therefore always "up,up", except in the case of recursive routing, which is a special circumstance.
So, instead of waiting for the routing protocol to detect the loss of connectivity with the distant end and converge, the keepalive mechanism uses a pro-active paradigm to detect tunnel interface failures in a timely manner.
4.) IPSec is a VPN suite of technologies that supports encryption, authentication, nonrepudiation and data integrity, but it does not support multicast traffic. GRE does. So, if you are running a dynamic routing protcol between your two VPN endpoints that utilizes multicast updates, like OSPF or EIGRP, then you will need to run "GRE over IPSec".
5.) Cisco's website has tons of configuration samples. Just do a search.
6.) As explained earlier, the tunnel endpoints should be global addresses if you are routing over the public Internet. The interfaces used are typically physical interfaces that connect directly to the provider circuit or to an Internet router. Sometimes the loopback interface is used.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...