GRE Tunnel 1

certskills
By certskills April 25, 2016 10:05

#GRE – that is, Generic Route Encapsulation – gives us a way to encapsulate IP packets inside another IP packet. Why? Often times, the reason is to create an Internet VPN, forwarding encrypted IP packets inside IP packets that can be routed through the Internet. This latest config lab gives you a chance to practice the GRE tunnel configuration part of the task, while ignoring the encryption configuration.

Requirements

This design for this lab shows two sites in a company, with a WAN link that runs through in the Internet between the two sites. Note that the WAN link represents what would normally be the Internet. That single link uses subnet 192.0.2.0/30. The enterprise uses private class C networks that begin with 192 in the internal networks in the enterprise and on the tunnel itself.

The lab begins with IPv4 addressing and OSPF working at each site independently. Your job is to create a manual GRE tunnel between the two edge routers shown in the figure. The specific rules for this lab are:

  • Create a tunnel between the two edge routers in the figure
  • Reference the interfaces as the tunnel source.
  • You choose the tunnel destination addresses.
  • Use private class C network 192.168.3.0/24 on the tunnel for the private addresses inside the enterprise.
  • Configure OSPF on the tunnel interface using OSPF interface commands
  • Use all existing OSPF parameters and process-ID’s per the initial configuration listed in this lab
  • Assume all device interfaces shown in the lab are up, working and with correct IP addresses assigned.
  • Do not enabled IPsec encryption on the tunnel (to keep the lab focused on the GRE tunnel) 

 

 Figure 1: Two Sites to be Connected Using a GRE Tunnel

 

Initial Configuration

Example 1, 2, 3 and 4 show the beginning configuration state of Edge1, Edge2, Acme1 and Acme2.

 

Example 1: Edge1 Config

 

Example 2: Edge2 Config

 

Example 3: Acme1 Config

 

Example 4: Acme2 Config

 

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

You can verify the configuration and operation of the tunnel interface in several ways. First, from the edge routers, issue a show interfaces tunnel0 command. From those same routers, check if Edge1 and Edge2 become OSPF neighbors; if all parts of the lab are configured correctly, the two should become neighbors.

You can also test with pings. First, from the edge routers, just ping the private IP addresses (192.168.3.1 and 192.168.3.2) on the other end of the tunnel. Also, connect to the other two routers, and use an extended ping to test from Acme1’s G0/2 interface to Acme2’s G0/2 interface. For instance, from Acme1, issue ping 192.168.200.1 source 192.168.100.1.

 

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

The virl topology matches this lab topology exactly.

Answers: GRE Tunnel 1
Answers: Multi-area OSPF 1
certskills
By certskills April 25, 2016 10:05
Write a comment

2 Comments

  1. gigi December 28, 05:22

    Hi, so that it can work I have added the static ip routes on all routers, Acme1 and Acme2 as well, cause only with this configuration the two PCs can ping each other. Right?
    Thanks

    Reply to this comment
    • certskills Author December 28, 10:00

      Hi Gigi,
      If you want to use static routes, that’s ok with me. However, the intent with those bullets that mention OSPF (about midway through the bullet list of requirements) is that you enable OSPF on the tunnel interface. OSPF is already enabled on the private LAN interfaces on all four routers, so that once working over the tunnel, all four routers should be able to learn routes for subnets in the various 192.168.x private networks used in the example.
      Good exercise though – get it working with static routes (since you’ve already started), then remove them and try it with OSPF.
      Wendell

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories