Just like IPSec VPN, which we covered in our last post, GRE VPN uses the internet to connect sites together.
GRE, which stands for Generic Routing Encapsulation, creates tunnels like IPSec; however, it does not encrypt the original packet, making it less secure. Nonetheless, it has the advantage of being able to encapsulate a wide variety of Layer 3 protocols as well as broadcast and multicast messages. To combine the flexibility of GRE with the security of IPSec, “GRE over IPSec” can be used. That will be the topic of another post.
With a GRE VPN tunnel, the original packet is encapsulated in a GRE header and a new IP header before it is forwarded to the destination.
In this post, I will show you how to configure a GRE VPN tunnel between two Cisco routers so that devices existing on each router can communicate using the tunnel over the internet.
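The encapsulation described above, and why GRE on its own offers no confidentiality, shown as an added example (not code from the original post). It builds a basic GRE packet with the addresses used later in this post and then recovers the inner packet from it without any key; the function names, the sample payload and the use of IP protocol 253 (reserved for experimentation) are assumptions made for illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 payload

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Prepend a basic 4-byte GRE header (no key/checksum/sequence) and a new IP header."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return ipv4(tunnel_src, tunnel_dst, GRE_PROTO, gre + inner)

def gre_decapsulate(outer: bytes) -> dict:
    """What any device on the path can read from the packet without a key."""
    ihl = (outer[0] & 0x0F) * 4
    flags, ptype = struct.unpack("!HH", outer[ihl:ihl + 4])
    if outer[9] != GRE_PROTO or flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("not a basic GRE/IPv4 packet")
    inner = outer[ihl + 4:]
    addr = lambda b: str(ipaddress.IPv4Address(b))
    return {"outer": (addr(outer[12:16]), addr(outer[16:20])),
            "inner": (addr(inner[12:16]), addr(inner[16:20])),
            "payload": inner[(inner[0] & 0x0F) * 4:],
            "overhead": ihl + 4}

# Constructed sample: PC1 -> PC2, carried between R1 and R3 (addresses from this post).
INNER = ipv4("192.168.12.2", "192.168.21.2", 253, b"cleartext application data (constructed)")
OUTER = gre_encapsulate(INNER, "11.11.11.1", "22.22.22.6")

if __name__ == "__main__":
    print(gre_decapsulate(OUTER))
```

The 24 bytes of overhead reported here (20-byte outer IP header plus 4-byte GRE header) are the reason the tunnel MTU is lowered in Step 3.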
Network Topology
The network topology we will be using in this post is shown below. As you can see, it consists of two routers (R1 and R3) with separate connections to the internet. In this demonstration, we will configure a GRE VPN tunnel between the two routers so that they can establish a WAN connection through the internet router (R2).
How to Configure GRE VPN Tunnel Between Cisco Routers
Here are the steps to configure a GRE VPN tunnel between Cisco routers using the network topology shown above.
Step 1: Configure Interfaces of the Routers
The first step is to assign an IP address to the interfaces of the routers. The configuration to do this is shown below.
Router 1
R1(config)#interface ethernet0/0
R1(config-if)#ip address 11.11.11.1 255.255.255.252
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface ethernet0/1
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
Router 2
R2(config)#interface ethernet0/0
R2(config-if)#ip address 11.11.11.2 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface ethernet0/1
R2(config-if)#ip address 22.22.22.5 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#exit
Router 3
R3(config)#interface ethernet0/0
R3(config-if)#ip address 22.22.22.6 255.255.255.252
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface ethernet0/1
R3(config-if)#ip address 192.168.21.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
Step 2: Configure Default routes
A default route is the route a router uses to forward traffic when the destination does not match any other entry in the routing table. For the network topology we are using, we need to configure a default route to the internet router on each of the two other routers.
Router 1
R1(config)#ip route 0.0.0.0 0.0.0.0 11.11.11.2
Router 3
R3(config)#ip route 0.0.0.0 0.0.0.0 22.22.22.5
Step 3: Create the GRE VPN Tunnel
Like we stated before, the GRE VPN tunnel is going to be between Router 1 and Router 3. Here are the configurations on each of the routers to achieve this:
Router 1
R1(config)#interface tunnel 0
R1(config-if)#ip address 172.16.0.1 255.255.255.252 <-- Tunnel Address
R1(config-if)#ip mtu 1400 <-- Adjust the maximum transmission unit (MTU) to 1400 bytes
R1(config-if)#ip tcp adjust-mss 1360 <-- Adjust the maximum segment size (MSS) to 1360 bytes
R1(config-if)#tunnel source 11.11.11.1 <-- R1’s public IP address
R1(config-if)#tunnel destination 22.22.22.6 <-- R3’s public IP address
R1(config-if)#exit
*Dec 29 14:25:40.019: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
Router 3
R3(config)#interface tunnel 0
R3(config-if)#ip address 172.16.0.2 255.255.255.252 <-- Tunnel Address
R3(config-if)#ip mtu 1400 <-- Adjust the maximum transmission unit (MTU) to 1400 bytes
R3(config-if)#ip tcp adjust-mss 1360 <-- Adjust the maximum segment size (MSS) to 1360 bytes
R3(config-if)#tunnel source 22.22.22.6 <-- R3’s public IP address
R3(config-if)#tunnel destination 11.11.11.1 <-- R1’s public IP address
R3(config-if)#exit
*Dec 29 14:25:39.395: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
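A way to check the two tunnel stanzas against each other before relying on the tunnel, as an added example (not part of the original post or any Cisco tool). The `parse` and `audit` helpers are hypothetical, the 1500-byte path MTU is an assumption, and `tunnel protection` is the IOS interface command used for GRE over IPSec, which this post does not configure.

```python
import ipaddress
# Tunnel stanzas from Step 3, with prompts and "<--" annotations stripped.
R1 = """interface tunnel 0
 ip address 172.16.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 11.11.11.1
 tunnel destination 22.22.22.6"""
R3 = """interface tunnel 0
 ip address 172.16.0.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 22.22.22.6
 tunnel destination 11.11.11.1"""
GRE_OVERHEAD = 24   # 20-byte outer IP header + 4-byte basic GRE header
TCP_IP_HDRS = 40    # 20-byte IP header + 20-byte TCP header, no options

def parse(cfg: str) -> dict:
    t = {"protected": False}
    for w in (line.split() for line in cfg.splitlines()):
        if w[:2] == ["ip", "address"]:
            t["addr"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:2] == ["ip", "mtu"]:
            t["mtu"] = int(w[2])
        elif w[:3] == ["ip", "tcp", "adjust-mss"]:
            t["mss"] = int(w[3])
        elif w[:2] == ["tunnel", "source"]:
            t["src"] = w[2]
        elif w[:2] == ["tunnel", "destination"]:
            t["dst"] = w[2]
        elif w[:2] == ["tunnel", "protection"]:   # e.g. an IPsec profile
            t["protected"] = True
    return t

def audit(cfg_a: str, cfg_b: str, path_mtu: int = 1500) -> list:
    a, b = parse(cfg_a), parse(cfg_b)
    out = []
    if (a["src"], a["dst"]) != (b["dst"], b["src"]):
        out.append("tunnel source/destination are not mirrored")
    if a["addr"].network != b["addr"].network:
        out.append("tunnel addresses are in different subnets")
    for name, t in (("A", a), ("B", b)):
        if t["mtu"] + GRE_OVERHEAD > path_mtu:
            out.append(f"{name}: ip mtu leaves no room for GRE overhead")
        if t["mss"] > t["mtu"] - TCP_IP_HDRS:
            out.append(f"{name}: adjust-mss is larger than ip mtu minus 40")
        if not t["protected"]:
            out.append(f"{name}: no tunnel protection, payload is cleartext")
    return out
```

Run against the configuration in this post, `audit(R1, R3)` reports only the missing tunnel protection on both ends; the addressing and MTU/MSS values are consistent.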
Step 4: Create Static route for the GRE Tunnel
We need to create static routes that send traffic for the remote networks through the GRE tunnel.
Router 1
R1(config)#ip route 192.168.21.0 255.255.255.0 172.16.0.2
Router 3
R3(config)#ip route 192.168.12.0 255.255.255.0 172.16.0.1
Step 5: Configure the host devices
PC1
Disable IP routing, configure the IP address on Ethernet0/0, set the default gateway on PC1, and try to ping the gateway (192.168.12.1).
PC1(config)#no ip routing
PC1(config)#interface ethernet0/0
PC1(config-if)#ip address 192.168.12.2 255.255.255.0
PC1(config-if)#no shutdown
PC1(config-if)#exit
PC1(config)#ip default-gateway 192.168.12.1
PC2
Disable IP routing, configure the IP address on Ethernet0/0, set the default gateway on PC2, and try to ping the gateway (192.168.21.1).
PC2(config)#no ip routing
PC2(config)#interface ethernet0/0
PC2(config-if)#ip address 192.168.21.2 255.255.255.0
PC2(config-if)#no shutdown
PC2(config-if)#exit
PC2(config)#ip default-gateway 192.168.21.1
Step 6: Test Connectivity
You can test connectivity by pinging from PC1 to PC2.
PC1#ping 192.168.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/5 ms
PC1#ping 192.168.21.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms
PC3#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/5 ms
PC3#ping 192.168.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms