Professional Documents
Culture Documents
Overview
Generic Routing Encapsulation (GRE) is a simple IP packet encapsulation protocol, GRE tunnels are
mainly used as a means to carry other routed protocols across a predominantly IP network. They
remove the need of all protocols, except IP, for data transfer, thus reducing much overhead on the
network administrator’s part. Non-IP protocols such as IPX and AppleTalk are tunnelled through the
IP core via GRE.
Scenario
Create an IPSec tunnel between a Head Office network and a Branch Office network. The clients at
the Branch Office are to connect to the Head Office Media Server. So we have created GRE tunnel
over the IPSec connection to allow transfer of multicast traffic between the Head Office and Branch
Office. The network scenario is described in the diagram below.
Network Schema
Configuration
To forward GRE traffic over IPSec VPN connection, follow the steps given below. The configuration is
to be done from the Web Admin Console using Administrator profile.
Note:
- Make sure that WAN IP of Head Office Cyberoam is included in the Trusted Local Subnet at the
Head Office side and Trusted Remote Subnet at the Branch Office side.
- Similarly, Make sure that WAN IP of Branch Office Cyberoam is included in the Trusted Local
Subnet at the Branch Office side and Trusted Remote Subnet at the Head Office side.
Head Office
Go to Network Static Route Multicast and click Add to add a new multicast route using the
parameters given below.
Parameter Description
Note:
Make sure that Firewall Rules allowing traffic from LAN to VPN and vice versa are present. If they are
not present, create them manually. They are necessary for the VPN connections to function properly.
The above configuration forwards all GRE traffic to the IPSec VPN connection between Head Office
and Branch office.