cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
723
Views
5
Helpful
4
Replies

what is tunnel mean? how can i create it on my router.

muzazamubika12
Level 1
Level 1

i still learning ccna and i bit confious what is tunnel about.

1 Accepted Solution

Accepted Solutions

Raju Sekharan
Cisco Employee
Cisco Employee

hi

Tunneling encapsulates data packets from one  protocol inside a different protocol and transports the data packets  unchanged across a foreign network

There are different types of tunnleing like, GRE, IPSEC, MPLS,...

Since you are talking about CCNA, I assume you may be referring to GRE

Here is a sample config of GRE

Interface tunnel 1

ip address

tunnel source

tunnel destination

You need similar configurations at both sides for the tunnel to work

Thanks

Raju

View solution in original post

4 Replies 4

Raju Sekharan
Cisco Employee
Cisco Employee

hi

Tunneling encapsulates data packets from one  protocol inside a different protocol and transports the data packets  unchanged across a foreign network

There are different types of tunnleing like, GRE, IPSEC, MPLS,...

Since you are talking about CCNA, I assume you may be referring to GRE

Here is a sample config of GRE

Interface tunnel 1

ip address

tunnel source

tunnel destination

You need similar configurations at both sides for the tunnel to work

Thanks

Raju

muzazamubika12
Level 1
Level 1

thanks raj..
how about if i want to use ipsec protocol
what is the configuration?

Hardik Vaidh
Level 1
Level 1

Dear muzazamubika12

GRE tunnel is simple tunnel which provide to you for remote access network or center.

In the GRE tunnel you have to configure source and destination IP add.

IPsec tunnel have security and authentication step. you end and remote end you have to configure same authentication and pre-share Key. if both are match then only you are able to communication with your remote site.

IPSec Site to Site VPN Configuration below

crypto isakmp policy 10
encr 3des

hash md5
authentication pre-share
group 2
crypto isakmp key XXX address 10.10.10.10

// set your key insted of XXX and it must match with your remote site. after that write address of your peer
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set XXX esp-3des esp-md5-hmac
!
crypto map YYY  local-address <<>>
crypto map YYY 10 ipsec-isakmp
set peer 10.10.10.10
set transform-set ZZZ
match address 101

interface <<>>
crypto map YYYY

access-list 101 permit ip 192.168.1.0 0.0.0.255 11.11.11.11 (Remote user) 255.255.255.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 22.22.22.22(Remote user) 255.255.255.255

After that configure NAT and deny your remote IP in the NAT access list. if you deny then only your packets travel inside the VPN tunnel and packet will b en crypt. if you forget to deny then your packet travel over Internet

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: