CCNP ISCW Notes

1 Apr 2008

Chapter 14: GRE Tunneling over IPsec

GRE over IPsec is primarily used to facilitate routing protocols within tunnels.

GRE is stateless.

GRE adds a new 20-byte IP header and its own 4-byte header, and up to 12 bytes of options:

  • Bit 0: Checksum present - Adds an optional 4-byte checksum field
  • Bit 2: Key present - Adds an optional 4-byte encryption key
  • Bit 3: Sequence number present - Adds an optional 4-byte sequence number
  • Bits 13-15: GRE version - 0 is basic GRE, 1 is used for PPTP
  • Bits 16-31: Protocol field - Identifies layer 3 protocol being transported
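
The flag bits above determine how long the GRE header is (4 bytes with no options, 16 with all three), which a decoder or capture filter has to get right before it can find the inner packet. The parser below is an added example, not part of the original notes; the names `parse_gre` and `SAMPLE` and the sample bytes are constructed for illustration, and it handles only version 0 because version 1 (PPTP) lays out its optional fields differently.

```python
import struct

# Masks over the first 16 bits; bit 0 is the most significant bit.
FLAG_CHECKSUM = 0x8000  # bit 0
FLAG_KEY = 0x2000       # bit 2
FLAG_SEQUENCE = 0x1000  # bit 3
VERSION_MASK = 0x0007   # bits 13-15

# Constructed sample: key and sequence present, protocol 0x0800 (IPv4),
# key 42, sequence 7, followed by two bytes of inner payload.
SAMPLE = bytes.fromhex("30000800" "0000002a" "00000007" "4500")


def parse_gre(buf: bytes) -> dict:
    """Parse a version 0 GRE header at the start of buf."""
    if len(buf) < 4:
        raise ValueError("truncated GRE base header")
    flags, protocol = struct.unpack_from("!HH", buf, 0)
    version = flags & VERSION_MASK
    if version != 0:
        # Version 1 (PPTP) uses a different optional-field layout.
        raise ValueError(f"unsupported GRE version {version}")
    hdr = {"version": version, "protocol": protocol,
           "checksum": None, "key": None, "sequence": None}
    offset = 4
    # Optional fields appear in this fixed order, 4 bytes each.
    for name, mask in (("checksum", FLAG_CHECKSUM),
                       ("key", FLAG_KEY),
                       ("sequence", FLAG_SEQUENCE)):
        if flags & mask:
            if len(buf) < offset + 4:
                raise ValueError(f"truncated GRE {name} field")
            (value,) = struct.unpack_from("!I", buf, offset)
            # The checksum is the upper 16 bits; the lower 16 are reserved.
            hdr[name] = value >> 16 if name == "checksum" else value
            offset += 4
    hdr["header_len"] = offset
    hdr["payload"] = buf[offset:]
    return hdr


if __name__ == "__main__":
    print(parse_gre(SAMPLE))
```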

GRE Tunnel Configuration

Basic configuration components:

  • Tunnel source
  • Tunnel destination
  • Tunnel mode (GRE/IP is default)

Basic GRE/IP configuration:

Router(config)# interface tunnel0
Router(config-if)# ip address 192.168.0.1 255.255.255.252
Router(config-if)# tunnel source s0/0
Router(config-if)# tunnel destination 10.1.2.3
! GRE/IP is default
Router(config-if)# tunnel mode gre ip

GRE over IPsec configuration under the SDM involves the following steps:

  1. Create the GRE tunnel
  2. Create a backup GRE tunnel (optional)
  3. Select the IPsec VPN authentication method
  4. Select the IPsec VPN IKE proposals
  5. Select the IPsec VPN transform sets
  6. Select the routing method for the tunnel
  7. Validate the configuration

Gerard Metoho-Eke commented on 11 Sep 2008 at 7:24 a.m.

One of the best summaries I have seen. It makes life easier and time well spent. Good job. Gerard

sam commented on 15 Sep 2008 at 3:18 a.m.

nice work
