© 2007 Cisco Systems, Inc. All rights reserved. SNRS v2.04-1 Secured Connectivity: Configuring GRE Tunnels

Transcript:

Secured Connectivity: Configuring GRE Tunnels

Generic Routing Encapsulation
- RFCs 1701, 1702, 2784
- Uses IP protocol 47 when encapsulated within IP
- Allows passing of routing information between connected networks

Default GRE Characteristics
- Tunneling of arbitrary OSI Layer 3 payload is the primary goal of GRE
- Stateless (no flow control mechanisms)
- No security (no confidentiality, data authentication, or integrity assurance)
- 24-B overhead by default (20-B IP header and 4-B GRE header)

[Figure: packet layout IP | GRE | IP | TCP | Data, with two GRE header fields called out]
- Flags: identifies the presence of optional header fields
- Protocol Type: identifies the type of payload; Ethertype 0x800 is used for IPv4
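An added example (not part of the Cisco course material): a Python parser for the GRE-in-IPv4 layout on this slide. It reads the Flags and Protocol Type fields, computes the encapsulation overhead, and shows that the inner packet travels unprotected. All addresses and payload bytes are constructed sample values; the Key and Sequence flag bits are taken from RFC 2890, which the slides do not list.

```python
import struct

IPPROTO_GRE = 47            # IP protocol number used for GRE
ETHERTYPE_IPV4 = 0x0800     # GRE Protocol Type value for an IPv4 payload

def build_ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def parse_gre(packet):
    """Return GRE header facts for an IPv4 packet, or None if it is not GRE."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE or len(packet) < ihl + 4:
        return None
    flags, ptype = struct.unpack_from("!HH", packet, ihl)
    checksum = bool(flags & 0x8000)   # C bit, RFC 2784
    key = bool(flags & 0x2000)        # K bit, RFC 2890
    sequence = bool(flags & 0x1000)   # S bit, RFC 2890
    gre_len = 4 + 4 * (checksum + key + sequence)  # each option adds 4 bytes
    if len(packet) < ihl + gre_len:
        return None
    return {"checksum": checksum, "key": key, "sequence": sequence,
            "protocol_type": ptype, "overhead": ihl + gre_len,
            "inner": packet[ihl + gre_len:]}

# Constructed sample: inner packet between two private hosts (protocol 253 is
# an experimental number; the payload is opaque sample bytes).
INNER = build_ipv4("10.1.0.10", "10.6.0.10", 253, b"cleartext routing update")
# Default GRE: no flags set, 4-byte header, addresses from documentation ranges.
DEFAULT_GRE = build_ipv4("192.0.2.1", "198.51.100.6", IPPROTO_GRE,
                         struct.pack("!HH", 0, ETHERTYPE_IPV4) + INNER)
# Same tunnel with the optional Key field present (K bit set).
KEYED_GRE = build_ipv4("192.0.2.1", "198.51.100.6", IPPROTO_GRE,
                       struct.pack("!HHI", 0x2000, ETHERTYPE_IPV4, 42) + INNER)

if __name__ == "__main__":
    for name, pkt in (("default", DEFAULT_GRE), ("keyed", KEYED_GRE)):
        info = parse_gre(pkt)
        print(name, "overhead:", info["overhead"], "bytes,",
              "protocol type: 0x%04x," % info["protocol_type"],
              "inner payload readable:", info["inner"][20:])
```

The default packet gives the 24-byte overhead stated on the slide; setting an optional flag grows the GRE header by 4 bytes per field, which matters when sizing the tunnel MTU.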

Deployment Scenario

[Figure: Corporate Headquarters, Remote Office, Workplace Resources and Remote Users, with a GRE tunnel across the Internet]

Configuring a GRE Tunnel
- Create and identify the tunnel interface.
- Configure the tunnel interface source address.
- Configure the tunnel interface destination address.
- Bring up the tunnel interface (administratively).
- Configure routes.

Configure a Tunnel

    R1(config)#interface tunnel 0
    R1(config-if)#ip address
    R1(config-if)#tunnel source
    R1(config-if)#tunnel destination
    R1(config-if)#no shutdown
    R1(config-if)#exit
    R1(config)#ip route tunnel

[Figure: two sites with routers R1 and R6 joined across the Internet; endpoints labelled A and B]

Verifying GRE Tunnels

    R1# show ip interface brief
    R1# show interfaces tunnel

[Figure: two sites with routers R1 and R6 joined across the Internet; endpoints labelled A and B]

GRE/IPsec
- GRE encapsulates arbitrary payload.
- IPsec encapsulates the unicast IP packet (GRE):
  - Tunnel mode (default): IPsec creates a new tunnel IP packet.
  - Transport mode: IPsec reuses the IP header of the GRE (20 B less overhead).

[Figure: packet layouts, with the encrypted payload marked]
- Tunnel mode example: IP | ESP | IP | GRE | IP | TCP | Data | ESP
- Transport mode example: IP | ESP | GRE | IP | TCP | Data | ESP

GRE with Encryption Example

    R1(config)#interface tunnel 0
    R1(config-if)#ip address
    R1(config-if)#tunnel source
    R1(config-if)#tunnel destination
    R1(config-if)#crypto map SNRS-MAP
    R1(config-if)#no shutdown
    R1(config-if)#exit
    R1(config)#ip access-list 101 permit gre host host
    R1(config)#ip route tunnel

[Figure: two sites with routers R1 and R6 joined by a GRE/IPsec tunnel across the Internet; endpoints labelled A and B]

Summary
- GRE was developed to encapsulate a wide variety of protocol packet types inside IP tunnels.
- GRE can be used in conjunction with IPsec to pass routing updates between sites on an IPsec VPN.
- Several simple steps are required to configure a GRE tunnel.
- Use the show interfaces command to verify tunnel configuration.
- You can configure encryption so that all traffic through the GRE tunnel is encrypted.
