
How To Forward GRE Traffic over IPSec VPN Tunnel

Applicable Version: 10.00 onwards


Overview
Generic Routing Encapsulation (GRE) is a simple IP packet encapsulation protocol. GRE tunnels are
mainly used to carry other routed protocols across a predominantly IP network. They remove the
need for any protocol other than IP for data transfer, which reduces overhead for network
administrators. Non-IP protocols such as IPX and AppleTalk are tunnelled through the
IP core via GRE.

Generally, GRE tunnels are used in the following scenarios:

- To carry multicast traffic just like real network interface traffic.
- To carry non-routable protocol traffic like NetBIOS or non-IP traffic over an IP network.
- To link two similar networks which are connected with different IP addressing.

Scenario
Create an IPSec tunnel between a Head Office network and a Branch Office network. The clients at
the Branch Office are to connect to the Head Office Media Server, so a GRE tunnel is created
over the IPSec connection to allow transfer of multicast traffic between the Head Office and Branch
Office. The network scenario is described in the diagram below.





Network Schema

                          Branch Office       Head Office
Cyberoam WAN IP Address   202.134.168.208     202.134.168.202
LAN IP                    172.50.50.2         172.16.16.10
LAN Subnet                172.50.50.0/24      172.16.16.0/24
GRE Tunnel Virtual IP     5.5.5.1             5.5.5.2

Media Server:
Source IP                 172.16.16.2
Multicast IP              225.0.0.1

Configuration
To forward GRE traffic over an IPSec VPN connection, follow the steps given below. The configuration is
to be done from the Web Admin Console using an Administrator profile.

Step 1: Create IPSec VPN Tunnel
Create an IPSec VPN tunnel between the Head Office and Branch Office. For instructions on creating an
IPSec VPN connection, refer to the article How To - Establish Site-to-Site IPSec Connection using
Preshared Key.

Note:

In the IPSec configuration:

- Make sure that the WAN IP of the Head Office Cyberoam is included in the Trusted Local Subnet at the
Head Office side and the Trusted Remote Subnet at the Branch Office side.

- Similarly, make sure that the WAN IP of the Branch Office Cyberoam is included in the Trusted Local
Subnet at the Branch Office side and the Trusted Remote Subnet at the Head Office side.

Step 2: Create GRE Tunnel
Create a GRE tunnel between the Head Office and the Branch Office. For instructions on creating a GRE
tunnel, refer to the article How To Configure a GRE Tunnel on Cyberoam.

Step 3: Enable Multicast Forwarding in Cyberoam
Enable Multicast Forwarding on Cyberoam by going to Network > Static Route > Multicast and
checking Enable Multicast Forwarding as shown below.






Step 4: Add Static Multicast Routes
Add static multicast routes at both the Head Office and the Branch Office.

Head Office
Go to Network > Static Route > Multicast and click Add to add a new multicast route using the
parameters given below.




Parameter               Value                   Description
Source IP Address       172.16.16.2             Specify Source IP Address.
Source Interface        PortA 172.16.16.10      Select Source Interface from the list.
Multicast Address       225.0.0.1               Specify range of Multicast IP Address.
Destination Interface   gre_tunnel_ho 5.5.5.2   Select Destination Interface from the list. You can select more than one destination interface.





Branch Office
Go to Network > Static Route > Multicast and click Add to add a new multicast route using the
parameters given below.







Parameter               Value                   Description
Source IP Address       172.16.16.2             Specify Source IP Address.
Source Interface        gre_tunnel_bo 5.5.5.1   Select Source Interface from the list.
Multicast Address       225.0.0.1               Specify range of Multicast IP Address.
Destination Interface   PortA-172.50.50.2       Select Destination Interface from the list. You can select more than one destination interface.




Note:

Make sure that Firewall Rules allowing traffic from LAN to VPN and vice versa are present. If they are
not present, create them manually. They are necessary for the VPN connections to function properly.


The above configuration forwards all GRE traffic to the IPSec VPN connection between the Head Office
and the Branch Office.



Document Version: 2.0 07/05/2013
