

Practical 6 Security VPN GRE

This document describes how to configure a GRE VPN tunnel between two routers to securely connect two remote networks. It provides the addressing tables and objectives for configuring the tunnel interfaces on each router with IP addresses and tunnel endpoints. It also describes verifying connectivity by pinging between routers and PCs before and after configuring the tunnel and static routes. Finally, it provides a brief overview of the differences between GRE tunnels and IPSec VPNs.

Uploaded by

Maurice

Réseaux et Sécurité

(Network & Security)


GEII

Lab Session 6
(Security VPN GRE)

Definition

A VPN enables a company to securely share data and services between disparate locations at minimal cost. Users who do
not have a permanent workstation in an organization can connect to a VPN to remotely access company data from a
home computer, laptop, or other mobile device.

Working Principle (Reference : Lecture 8 IDS IPS VPN Slide 8)

• “Tunnel” created between LAN and WAN

• It is a connection between 2 or more computers or devices that ARE NOT on the same private Network

• Data encapsulation and encryption used to ensure ONLY proper users and data

• Medium = INTERNET

Topology

Lecturer: Mr. P. Boncoeur, Network & Security



Objectives

Part 1: Verify Router Connectivity

Part 2: Configure GRE Tunnels

Part 3: Verify PC Connectivity

Scenario
You are the network administrator for a company which wants to set up a GRE tunnel to a remote office. Both networks
are locally configured, and need only the tunnel configured.

Part 1 : Verify Router Connectivity

Addressing Table

Device   Interface   IP Address       Subnet Mask        Default Gateway
RA       G0/0        192.168.1.1      255.255.255.0      N/A
RA       S0/0/0      64.103.211.2     255.255.255.252    N/A
RA       Tunnel 0    10.10.10.1       255.255.255.252    N/A
RB       G0/0        192.168.2.1      255.255.255.0      N/A
RB       S0/0/0      209.165.122.2    255.255.255.252    N/A
RB       Tunnel 0    10.10.10.2       255.255.255.252    N/A
PC-A     NIC         192.168.1.2      255.255.255.0      192.168.1.1
PC-C     NIC         192.168.2.2      255.255.255.0      192.168.2.1


Configuration

• Configure the device based on the addressing table.

• DO NOT CONFIGURE THE TUNNEL FOR THE ROUTERS.

• When trying to ping Router B from Router A, the ping fails. This is because the routes have not been configured
on the router.

Configure Static routes for each router.


Example Router A :

Testing connectivity

Step 1: Ping Router A from Router B.

Step 2: Ping PCA from PCB.


Attempt to ping the IP address of PCA from PCB. We will repeat this test after configuring the GRE tunnel. The pings failed
because there is no route to the destination.


Part 2 : Configure GRE Tunnel

Step 1: Configure the Tunnel 0 interface of Router A.

a. Enter into the configuration mode for Router A Tunnel 0.
   ◦ Router A(config)# interface tunnel 0
b. Set the IP address as indicated in the Addressing Table.
   ◦ Router A(config-if)# ip address 10.10.10.1 255.255.255.252
c. Set the source and destination for the endpoints of Tunnel 0.
   ◦ Router A(config-if)# tunnel source Se0/1/0
   ◦ Router A(config-if)# tunnel destination 209.165.122.2
d. Configure Tunnel 0 to convey IP traffic over GRE.
   ◦ Router A(config-if)# tunnel mode gre ip
e. The Tunnel 0 interface should already be active. In the event that it is not, treat it like any other interface.
   ◦ Router A(config-if)# no shutdown

Step 2: Configure the Tunnel 0 interface of Router B.

a. Enter into the configuration mode for Router B Tunnel 0.
   ◦ Router B(config)# interface tunnel 0
b. Set the IP address as indicated in the Addressing Table.
   ◦ Router B(config-if)# ip address 10.10.10.2 255.255.255.252
c. Set the source and destination for the endpoints of Tunnel 0.
   ◦ Router B(config-if)# tunnel source Se0/1/0
   ◦ Router B(config-if)# tunnel destination 64.103.211.2
d. Configure Tunnel 0 to convey IP traffic over GRE.
   ◦ Router B(config-if)# tunnel mode gre ip
e. The Tunnel 0 interface should already be active. In the event that it is not, treat it like any other interface.
   ◦ Router B(config-if)# no shutdown

Step 3: Configure a route for private IP traffic.

Establish a route between the 192.168.X.X networks using the 10.10.10.0/30 network as the destination.

Router A(config)# ip route 192.168.2.0 255.255.255.0 10.10.10.2

Router B(config)# ip route 192.168.1.0 255.255.255.0 10.10.10.1
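
A consistency check for the two tunnel ends configured in Part 2, as an added example (not part of the original lab sheet). The configuration fragments are constructed from the addressing table; the interface name Serial0/1/0 is assumed from the lab's tunnel source command, and RB_PASTED is a constructed mistake in which Router B reuses Router A's values.

```python
import ipaddress

# Constructed configuration fragments that follow the lab's addressing table.
RA_CFG = """interface Serial0/1/0
 ip address 64.103.211.2 255.255.255.252
interface Tunnel0
 ip address 10.10.10.1 255.255.255.252
 tunnel source Serial0/1/0
 tunnel destination 209.165.122.2
ip route 192.168.2.0 255.255.255.0 10.10.10.2"""
RB_CFG = """interface Serial0/1/0
 ip address 209.165.122.2 255.255.255.252
interface Tunnel0
 ip address 10.10.10.2 255.255.255.252
 tunnel source Serial0/1/0
 tunnel destination 64.103.211.2
ip route 192.168.1.0 255.255.255.0 10.10.10.1"""

def parse(cfg):
    """Collect interface addresses, Tunnel0 endpoints and static-route next hops."""
    out, iface = {"addr": {}, "next_hops": []}, None
    for words in (line.split() for line in cfg.splitlines() if line.strip()):
        if words[0] == "interface":
            iface = words[1]
        elif words[:2] == ["ip", "address"]:
            out["addr"][iface] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[0] == "tunnel":
            out[words[1]] = words[2]      # 'source' -> interface, 'destination' -> IP
        elif words[:2] == ["ip", "route"]:
            out["next_hops"].append(ipaddress.ip_address(words[4]))
    return out

def check_pair(cfg_a, cfg_b):
    """Return findings where the two tunnel ends do not mirror each other."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    for name, me, peer in (("A", a, b), ("B", b, a)):
        my_tun, peer_tun = me["addr"]["Tunnel0"], peer["addr"]["Tunnel0"]
        if ipaddress.ip_address(me["destination"]) != peer["addr"][peer["source"]].ip:
            findings.append(f"{name}: tunnel destination is not the peer's tunnel source address")
        if my_tun.network != peer_tun.network or my_tun.ip == peer_tun.ip:
            findings.append(f"{name}: tunnel addresses are not two distinct hosts in one subnet")
        if peer_tun.ip not in me["next_hops"]:
            findings.append(f"{name}: no static route uses the peer's tunnel address as next hop")
    return findings

# Router B pasted from Router A's steps without changing the values (constructed mistake).
RB_PASTED = (RB_CFG.replace("10.10.10.2 255", "10.10.10.1 255")
             .replace("destination 64.103.211.2", "destination 209.165.122.2"))
```

`check_pair(RA_CFG, RB_CFG)` returns an empty list; with `RB_PASTED` it reports the duplicated tunnel address on both routers, Router B's tunnel destination pointing at its own address, and Router A's static route pointing at a next hop that is not its peer.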


Part 3 : Verify PC Connectivity

Step 1: Ping PCA from PCB.

Attempt to ping the IP address of PCA from PCB. The ping should be successful.

Step 2: Trace the path from PCA to PCB.

Attempt to trace the path from PCA to PCB. Note the lack of public IP addresses in the output.


Note on GRE

(Reference : http://blog.boson.com/bid/92815/What-are-the-differences-between-an-IPSec-VPN-and-a-GRE-Tunnel)

Like IPSec VPNs, GRE tunnels are used to create point-to-point connections between two networks. Some of the benefits
and characteristics of GRE tunnels include the following:

• Data encapsulation – GRE tunnels encapsulate packets that use protocols incompatible with an intermediary
network (passenger protocols) within protocols that are compatible (transport protocols). This allows data to be
sent across networks that otherwise could not be traversed. For example, you could implement a GRE tunnel to
connect two AppleTalk networks through an IP-only network or to route IPv4 packets across a network that only
uses IPv6.

• Simplicity – GRE tunnels lack mechanisms related to flow-control and security by default. This lack of features can
ease the configuration process. However, you probably don’t want to transfer data in an unencrypted form across
a public network; therefore, GRE tunnels can be supplemented by the IPSec suite of protocols for security
purposes. In addition, GRE tunnels can forward data from discontiguous networks through a single tunnel, which
is something VPNs cannot do.

• Multicast traffic forwarding – GRE tunnels can be used to forward multicast traffic, whereas a VPN cannot.
Because of this, multicast traffic such as advertisements sent by routing protocols can be easily transferred
between remote sites when using a GRE tunnel.

In summary, both VPNs and GRE tunnels can be used to transfer data between remote locations. However, their
similarities end there. If you are looking to provide a secure method of connecting remote users to resources stored
within a central location, you should probably implement a VPN. However, if you need to pass traffic over an otherwise
incompatible network, a GRE tunnel should be implemented.
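
The lack of built-in security noted above, shown on the wire as an added example (not part of the original handout): the script builds the GRE packet Router A would send for a ping from PC-A to PC-C and then reads it back without any key. Addresses come from the addressing table; the payload bytes are constructed, checksums are left at zero, and the function names are illustrative.

```python
import ipaddress
import struct

IPPROTO_ICMP, IPPROTO_GRE = 1, 47
GRE_PROTO_IPV4 = 0x0800           # protocol-type field value for an IPv4 passenger

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header; the checksum is left at 0 in this constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def gre_encapsulate(passenger, tunnel_src, tunnel_dst):
    """Outer IPv4 header + basic 4-byte GRE header (no flags set) + passenger packet."""
    gre = struct.pack("!HH", 0, GRE_PROTO_IPV4)
    outer = ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre) + len(passenger))
    return outer + gre + passenger

def parse_ipv4(packet):
    """Return (source, destination, protocol, payload) of an IPv4 packet."""
    header_len = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or len(packet) < header_len:
        raise ValueError("not a complete IPv4 packet")
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[9], packet[header_len:]

def gre_decapsulate(wire):
    """Read a GRE packet the way any device on the path can; no key is involved."""
    outer_src, outer_dst, proto, rest = parse_ipv4(wire)
    if proto != IPPROTO_GRE:
        raise ValueError("outer packet does not carry GRE")
    flags, passenger_type = struct.unpack("!HH", rest[:4])
    # Optional fields: checksum (0x8000), key (0x2000), sequence (0x1000), 4 bytes each.
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if passenger_type != GRE_PROTO_IPV4:
        raise ValueError("passenger is not IPv4")
    inner_src, inner_dst, _, data = parse_ipv4(rest[offset:])
    return {"outer": (outer_src, outer_dst), "inner": (inner_src, inner_dst), "data": data}

# Constructed sample: PC-A pings PC-C; Router A tunnels the packet to Router B.
ICMP_ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"constructed lab payload"
PASSENGER = ipv4_header("192.168.1.2", "192.168.2.2", IPPROTO_ICMP, len(ICMP_ECHO)) + ICMP_ECHO
WIRE = gre_encapsulate(PASSENGER, "64.103.211.2", "209.165.122.2")

if __name__ == "__main__":
    print(gre_decapsulate(WIRE))
```

The private addresses and the payload are recovered from the packet as sent across the public network, which is why the note recommends supplementing GRE with IPSec.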
