CCNA Experiment 36: GRE (Generic Routing Encapsulation)


Environment: Windows XP, Packet Tracer 5.3

Objective: Understand what GRE is used for and learn how to configure it.

Description

GRE (Generic Routing Encapsulation) is a protocol that encapsulates the data packets of certain network layer protocols, such as IP and IPX, so that the encapsulated packets can be carried inside another network layer protocol such as IP. GRE uses tunneling technology and is a Layer 3 tunneling protocol for VPNs (Virtual Private Networks).

A tunnel is a virtual point-to-point connection. It provides a path over which the encapsulated packets are transmitted, and the packets are encapsulated at one end of the tunnel and decapsulated at the other. For a packet of some protocol X to cross the IP network through the tunnel, it must go through two processes: encapsulation and decapsulation.

Steps:

Create the topology as follows:

[Figure: lab topology, http://hi.csdn.net/attachment/201012/10/0_1291953472ttPN.gif]



Configure R1:

Router>en
Router#conf t
Router(config)#host R1
R1(config)#int loopback 0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#int s0/0/0
R1(config-if)#ip add 12.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#int tunnel 0 // create interface tunnel 0
R1(config-if)#ip add 1.1.1.1 255.255.255.0 // configure the tunnel IP address
R1(config-if)#tunnel source s0/0/0 // specify the source interface of the tunnel
R1(config-if)#tunnel destination 23.1.1.1 // specify the destination address of the tunnel
R1(config-if)#exit // exit
R1(config)#router rip // start the RIP routing process
R1(config-router)#no auto-summary // turn off automatic summarization
R1(config-router)#version 2 // use RIP version 2
R1(config-router)#network 12.1.1.0 // add the 12.1.1.0 network to the routing process and advertise it
R1(config-router)#exit
R1(config)#ip rou 192.168.2.0 255.255.255.0 1.1.1.2 // route to R3's loopback 0 network through tunnel 0

Configure R2:

Router>en
Router#conf t
Router(config)#host R2
R2(config)#int s0/0/0
R2(config-if)#ip add 12.1.1.2 255.255.255.0
R2(config-if)#clock rate 64000
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#int s0/0/1
R2(config-if)#ip add 23.1.1.2 255.255.255.0
R2(config-if)#clock rate 64000
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 12.1.1.0
R2(config-router)#network 23.1.1.0
R2(config-router)#exit

Configure R3:

Router>en
Router#conf t
Router(config)#host R3
R3(config)#int loopback 0
R3(config-if)#ip add 192.168.2.1 255.255.255.0
R3(config-if)#exit
R3(config)#int s0/0/0
R3(config-if)#ip add 23.1.1.1 255.255.255.0
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#int tunnel 0
R3(config-if)#ip add 1.1.1.2 255.255.255.0
R3(config-if)#tunnel source s0/0/0
R3(config-if)#tunnel destination 12.1.1.1
R3(config-if)#exit
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 23.1.1.0
R3(config-router)#exit
R3(config)#ip rou 192.168.1.0 255.255.255.0 1.1.1.1 // route to R1's loopback 0 network through the tunnel

After the above configuration the tunnel is successfully established. R1 and R3 can ping each other's tunnel 0 and loopback 0 interfaces, but R2 cannot ping their tunnel 0 and loopback 0 interfaces. In this way the tunnel works transparently.



[Figure: http://hi.csdn.net/attachment/201012/10/0_1291953712wx5j.gif]

[Figure: http://hi.csdn.net/attachment/201012/10/0_1291953720h3uy.gif]

To add security and encryption to the tunnel, we can configure GRE over IPsec as follows:

R1 configuration:

R1(config)#access-list 100 permit gre host 12.1.1.1 host 23.1.1.1 // the crypto ACL must match the GRE packets themselves, whose outer header runs between the tunnel endpoints
R1(config)#crypto isakmp enable
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#hash md5 // MD5 is a legacy hash, kept here as in the original lab
R1(config-isakmp)#group 2
R1(config-isakmp)#exit
R1(config)#crypto isakmp key Kkfloat address 23.1.1.1
R1(config)#crypto ipsec transform-set kkfloatset esp-3des esp-md5-hmac // 3DES and MD5-HMAC are legacy algorithms, kept here as in the original lab
R1(config)#crypto map VPN 10 ipsec-isakmp
R1(config-crypto-map)#set peer 23.1.1.1
R1(config-crypto-map)#set transform-set kkfloatset
R1(config-crypto-map)#match address 100
R1(config-crypto-map)#exit
R1(config)#int s0/0/0
R1(config-if)#crypto map VPN
R1(config-if)#exit

R3 configuration:

R3(config)#access-list 100 permit gre host 23.1.1.1 host 12.1.1.1 // the crypto ACL must match the GRE packets themselves, whose outer header runs between the tunnel endpoints
R3(config)#crypto isakmp enable
R3(config)#crypto isakmp policy 1
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#hash md5
R3(config-isakmp)#group 2
R3(config-isakmp)#exit
R3(config)#crypto isakmp key Kkfloat address 12.1.1.1
R3(config)#crypto ipsec transform-set kkfloatset esp-3des esp-md5-hmac
R3(config)#crypto map VPN 10 ipsec-isakmp
R3(config-crypto-map)#set peer 12.1.1.1
R3(config-crypto-map)#set transform-set kkfloatset
R3(config-crypto-map)#match address 100
R3(config-crypto-map)#exit
R3(config)#int s0/0/0
R3(config-if)#crypto map VPN
R3(config-if)#exit

With the above configuration, IPsec encryption is applied to the tunnel.


This article is from the "Liu Fengyuan" blog; reprinting is declined.
