
How To – Forward GRE Traffic over IPSec VPN Tunnel

Applicable Version: 10.00 onwards

Overview
Generic Routing Encapsulation (GRE) is a simple IP packet encapsulation protocol. GRE tunnels are
mainly used to carry other routed protocols across a predominantly IP network. They remove the
need for any protocol other than IP for data transfer, which reduces overhead for the network
administrator. Non-IP protocols such as IPX and AppleTalk are tunnelled through the IP core via
GRE.

Generally, GRE tunnels are used in the following scenarios:

- To carry multicast traffic just like real network interface traffic.
- To carry non-routable protocol traffic like NetBIOS, or non-IP traffic, over an IP network.
- To link two similar networks that are connected with different IP addressing.

Scenario
Create an IPSec tunnel between a Head Office network and a Branch Office network. The clients at
the Branch Office are to connect to the Head Office Media Server, so a GRE tunnel is created
over the IPSec connection to allow transfer of multicast traffic between the Head Office and
Branch Office. The network scenario is described in the diagram below.

Network Schema

| Setting | Branch Office | Head Office |
|---|---|---|
| Cyberoam WAN IP Address | 202.134.168.208 | 202.134.168.202 |
| LAN IP | 172.50.50.2 | 172.16.16.10 |
| LAN Subnet | 172.50.50.0/24 | 172.16.16.0/24 |
| GRE Tunnel Virtual IP | 5.5.5.1 | 5.5.5.2 |

Media Server:

- Source IP – 172.16.16.2
- Multicast IP – 225.0.0.1

Configuration
To forward GRE traffic over an IPSec VPN connection, follow the steps given below. The
configuration is to be done from the Web Admin Console using an Administrator profile.

Step 1: Create IPSec VPN Tunnel


Create an IPSec VPN tunnel between the Head Office and Branch Office. To know how to create an
IPSec VPN connection, refer to the article How To - Establish Site-to-Site IPSec Connection using
Preshared Key.

Note:

In the IPSec configuration:

- Make sure that the WAN IP of the Head Office Cyberoam is included in the Trusted Local Subnet
at the Head Office side and the Trusted Remote Subnet at the Branch Office side.

- Similarly, make sure that the WAN IP of the Branch Office Cyberoam is included in the Trusted
Local Subnet at the Branch Office side and the Trusted Remote Subnet at the Head Office side.

Step 2: Create GRE Tunnel


Create a GRE Tunnel between the Head Office and the Branch Office. To know how to create a GRE
tunnel, refer to the article How To – Configure a GRE Tunnel on Cyberoam.

Step 3: Enable Multicast Forwarding in Cyberoam

Enable Multicast Forwarding on Cyberoam by going to Network → Static Route → Multicast and
checking Enable Multicast Forwarding as shown below.

Step 4: Add Static Multicast Routes

Add static multicast routes both at the Head Office and Branch Office.

Head Office
Go to Network → Static Route → Multicast and click Add to add a new multicast route using the
parameters given below.

Parameter Description

| Parameter | Value | Description |
|---|---|---|
| Source IP Address | 172.16.16.2 | Specify Source IP Address. |
| Source Interface | PortA – 172.16.16.10 | Select Source Interface from the list. |
| Multicast Address | 225.0.0.1 | Specify range of Multicast IP Address. |
| Destination Interface | gre_tunnel_ho – 5.5.5.2 | Select Destination Interface from the list. You can select more than one destination interface. |

Branch Office
Go to Network → Static Route → Multicast and click Add to add a new multicast route using the
parameters given below.

Parameter Description

| Parameter | Value | Description |
|---|---|---|
| Source IP Address | 172.16.16.2 | Specify Source IP Address. |
| Source Interface | gre_tunnel_bo – 5.5.5.1 | Select Source Interface from the list. |
| Multicast Address | 225.0.0.1 | Specify range of Multicast IP Address. |
| Destination Interface | PortA-172.50.50.2 | Select Destination Interface from the list. You can select more than one destination interface. |

Note:

Make sure that Firewall Rules allowing traffic from LAN to VPN and vice versa are present. If they are
not present, create them manually. They are necessary for the VPN connections to function properly.

The above configuration forwards all GRE traffic to the IPSec VPN connection between the Head
Office and Branch Office.
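
The Step 1 note and the Step 4 routes can be checked offline before they are entered in the Web Admin Console. The script below is an added example, not Cyberoam code: the plan layout and function names are hypothetical, the LAN subnets in the selector lists are constructed, and it assumes the GRE tunnel endpoints are the two WAN IPs.

```python
import ipaddress as ipa

# Constructed plan using the addresses from the Network Schema above.
# The dict layout is hypothetical; it is not a Cyberoam export format.
PLAN = {
    "ho": {"wan": "202.134.168.202", "lan": "172.16.16.0/24",
           "local": ["172.16.16.0/24", "202.134.168.202/32"],
           "remote": ["172.50.50.0/24", "202.134.168.208/32"]},
    "bo": {"wan": "202.134.168.208", "lan": "172.50.50.0/24",
           "local": ["172.50.50.0/24", "202.134.168.208/32"],
           "remote": ["172.16.16.0/24", "202.134.168.202/32"]},
    "mcast": {"source": "172.16.16.2", "group": "225.0.0.1"},
}

def covered(addr, subnets):
    """True if addr falls inside any of the listed subnets."""
    a = ipa.ip_address(addr)
    return any(a in ipa.ip_network(s) for s in subnets)

def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    for name, peer in (("ho", "bo"), ("bo", "ho")):
        site, other = plan[name], plan[peer]
        # Step 1 note: GRE outer packets run WAN-to-WAN (assumption), so both
        # WAN IPs must match the IPSec selectors or GRE is not carried by IPSec.
        if not covered(site["wan"], site["local"]):
            findings.append(f"{name}: own WAN IP missing from Trusted Local Subnet")
        if not covered(other["wan"], site["remote"]):
            findings.append(f"{name}: peer WAN IP missing from Trusted Remote Subnet")
        # The selectors on one end must mirror those on the other end.
        if set(site["local"]) != set(other["remote"]):
            findings.append(f"{name}: local subnets differ from {peer} remote subnets")
    m = plan["mcast"]
    # Step 4: the group must be a multicast address, sourced from the HO LAN.
    if not ipa.ip_address(m["group"]).is_multicast:
        findings.append("multicast address is outside 224.0.0.0/4")
    if not covered(m["source"], [plan["ho"]["lan"]]):
        findings.append("multicast source is not in the Head Office LAN subnet")
    return findings

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
```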
