Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
Bookmark
|
Subscribe
|
599232
Views
88
Helpful
38
Comments

How to configure a GRE tunnel

TCC_2
Level 10
Level 10

‎06-22-2009 03:34 PM - edited ‎03-01-2019 03:49 PM

 

 

Introduction:

Tunneling provides a mechanism to transport packets of one protocol within another protocol. The protocol that is carried is called as the passenger protocol, and the protocol that is used for carrying the passenger protocol is called as the transport protocol. Generic Routing Encapsulation (GRE) is one of the available tunneling mechanisms which uses IP as the transport protocol and can be used for carrying many different passenger protocols. The tunnels behave as virtual point-to-point links that have two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint.

 

The below diagram shows encapsulation process of GRE packet as it traversers the router and enters the tunnel interface:

 

GRE1.jpg

Configuring GRE Tunnel:

 

Configuring a GRE tunnel involves creating a tunnel interface, which is a logical interface. Then you must configure the tunnel endpoints for the tunnel interface.

 

To configure the tunnel source and destination, issue the tunnel source {ip-address | interface-type} and tunnel destination {host-name | ip-address} commands under the interface configuration mode for the tunnel.

 

The below example explain about how to create simple GRE tunnels between endpoints and the necessary steps to create and verify the GRE tunnel between the two networks.R1's and R2's Internal subnets(192.168.1.0/24 and 192.168.2.0/24) are  communicating with each other using GRE tunnel over internet.Both Tunnel interfaces are part of the 172.16.1.0/24 network.

 

gre2.jpg

 

First step is to create our tunnel interface on R1 and R2 :

 

R1R2

R1(config)# interface Tunnel1

R1(config-if)# ip address 172.16.1.1 255.255.255.0

R1(config-if)# ip mtu 1400

R1(config-if)# ip tcp adjust-mss 1360

R1(config-if)# tunnel source 1.1.1.1

R1(config-if)# tunnel destination 2.2.2.2

R2(config)# interface Tunnel1

R2(config-if)# ip address 172.16.1.2 255.255.255.0

R2(config-if)# ip mtu 1400

R2(config-if)# ip tcp adjust-mss 1360

R2(config-if)# tunnel source 2.2.2.2

R2(config-if)# tunnel destination 1.1.1.1

 

Since GRE is an encapsulating protocol, we adjust the maximum transfer unit (mtu) to 1400 bytes and maximum segment size (mss) to 1360 bytes. Because most transport MTUs are 1500 bytes and we have an added overhead because of GRE, we must reduce the MTU to account for the extra overhead. A setting of 1400 is a common practice and will ensure unnecessary packet fragmentation is kept to a minimum.

 

After configuring tunnel,two tunnel endpoints can see each other can verify using an icmp echo from one end.

R1# ping 172.16.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

 

Workstations on either network will still not be able to reach the other side unless a routing is configure on each router.Here We will configure static route on both router.

 

R1(config)# ip route 192.168.2.0 255.255.255.0 172.16.1.2

R2(config)# ip route 192.168.1.0 255.255.255.0 172.16.1.1

 

Now both networks (192.168.1.0/24 and 192.168.2.0/24) are able to freely communicate with each other over the GRE Tunnel .

Reference:

Generic Routing Encapsulation (GRE)

Comments
mmehdar77
Level 1
Level 1
‎08-05-2014 02:38 PM
Thanks , very helpful.
keithsauer507
Level 5
Level 5
‎08-20-2014 10:09 AM

Can you do this on an ehwic card?

I'm trying to simulate it in Cisco Packet Tracer Student 6.1 before rolling it into production.  Have a simulation of two 2811's with the same config as production on.

Issue when I go to specify the tunnel source it says Invalid input detected at '^' marker.  So running tunnel source ? shows it's looking for an interface name, not an ip address.


Well I have an HWIC card in the simulation and on Fa0/2/2 I have a cable going to another router where I am trying to gre tunnel over.  Issue is, if I specify Fa0/2/2 it says %ERROR: Source interface does not exist.  But clearly I can go into that interface and clearly I can ping the router connected to that interface!!!!

nagak
Cisco Employee
Cisco Employee
‎09-03-2014 02:28 AM

Really helpful info.

Thanks for posting.

 

decarvalhosylvain
Level 1
Level 1
‎12-30-2014 02:50 AM

You should use Loopback for source and destination interface for a better stability

Bony Varghese
Community Member
‎04-29-2015 12:02 AM

Thanks helpful :)

rooseveltmc
Community Member
‎08-27-2015 03:16 PM

Please note this example GRE tunnel is not encrypted.

You don't want to set this up over a Public Internet without additional encryption such as IPSEC.

 

https://www.youtube.com/watch?v=2PtK8HgkRvM

 

 

h_boulfrakh
Community Member
‎08-27-2015 07:00 PM

Hi , Tks for posting :)

But , 

I really want to know what I need as a prerequisite or special  configuration in the case of a GRE tunnel between two public IP address (two different wan) 

 

Configuration : 

R1 :

wan : @IP1 ..........@tunnel : 192.168.200.1/30.................@tunnel dest : @IP2

R2 :

wan : @IP2...............@tunnel 192.168.200.2/30....................@tunneldest: @IP1

 

it does not ping between points of tunnel  !!!!!!

 

Is what I need something from the provider?

 

Thanks.

Lost & Found
Level 2
Level 2
‎09-10-2015 04:03 AM

Hi.

Ive tried to configure Gre tunnel on out site 1 and 2 but both site has no connection. 

All tunnel interface status is UP/UP

from isp router 2 ip can ping the int tunnel IP but ISP router 1 can't ping it's own tunnel address.

Is it fine to run with s0/0 interface?

Router 2 - 2800 and router 1 - 2600

Do i need to setup OSPF to ping r1-r2? or just static configuration?

Please see the attached photo for the configuration.

Yaron Golan
Level 1
Level 1
‎09-27-2015 07:33 AM

Hi,

Check your IP adresses of the Tunnels , They are the same. ( 10.10.1.2 ) gre.png (644×434)

victor melo
Level 1
Level 1
‎12-14-2015 03:39 PM

a good gre tunnel explanation:  http://ccnp300-101.blogspot.com/2015/11/gre-tunnel.html

cyberbench31
Level 1
Level 1
‎01-06-2016 10:41 PM

check the settings of your routing protocol, you should broadcast tunnel interface and not the public interface on you routing protocol..

sam.craven.01
Level 1
Level 1
‎01-24-2016 01:06 PM

I would look at your static/default route on both. That might be a reach but I have those statements on the configs that I am using.

I would also look at your ACL's, if any.

clay.haynes
Community Member
‎03-22-2016 09:53 AM

This is blogspam and links to copyrighted material. This post should be removed.

aman7uela
Level 1
Level 1
‎06-23-2016 12:20 AM

GRE can encapsulate other protocols. But how can you prove it? Can you please use routers as small as 3 to show me that?

shubhamkumarhcl
Level 1
Level 1
‎07-15-2016 10:48 PM


http://www.ccnaccnplinux.com

http://www.ccnaccnplinux.com/2015/04/gre-tunnel.html

if You visit i am sure you will get useful information

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Top