GRE- IP/47

GRE size========4 Bytes
New ip header size=20 Bytes
TOTAL=24 Bytes
PORT==>IP===47

packet captures:-
GRE:-4bytes
eth>outer_ip>gre>inner_ip>tcp
outer ip header:-
tunnel source, tunnel destination
inner ip header:-
actual source and destination it is trying to reach


Total Size of the packet=14+20+4+20+20+1470=1538


Sample config:-

interface Tunnel250
ip mtu 1375
ip tcp adjust-mss 1360
ip ospf mtu-ignore--->OSPF adjacency will not form because,MTU value is carried in DBD packet.disables this check of the MTU value in the OSPF DBD packets
tunnel mode gre multipoint--->DMVPN:-tunnel having multiple destinations
DMVPN=combination of mgre+nhrp+ipsec
nhrp=arp=used to map logical ip to its physical ip
hub---spoke1
hub---spoke2

spoke1 sends a -----nhrp request-(I need to builds tunnel with spoke2 tunnelip)---> to hub
spoke1<---------------use a physical address(tunnel source of spoke2)--------------HUB


NORMAL PACKET:
===============



NORMAL PACKET with GRE:-
========================
New ip=private ip which is encrypted
old ip=public ip address

CONFIGURATION:
================
(192.168.0.1)R1(1.1.1.1)<=========ISP==========>(2.2.2.2)R2(192.168.0.1)
tunn0=172.168.0.1                                                  tunn0= 172.16.0.2


ONLY GRE :-
==========

R2(config)# interface Tunnel0
R2(config-if)# ip address 172.16.0.2 255.255.255.0
R2(config-if)# ip mtu 1400
R2(config-if)# ip tcp adjust-mss 1360
R2(config-if)# tunnel source 2.2.2.2
R2(config-if)# tunnel destination 1.1.1.1

R2(config)# ip route 192.168.1.0 255.255.255.0 172.16.0.1
OR
R2(config)#router ospf 1
R2(config)#network 192.168.1.2 0.0.0.0 area 0
R2(config)#network 172.16.0.2 0.0.0.0 area 0

WITH IPSEC:-
==========

R2(config)# crypto isakmp policy 1
R2(config-isakmp)# encr 3des
R2(config-isakmp)# hash md5
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 2
R2(config-isakmp)# lifetime 86400

R2(config)# crypto isakmp key CISCO address 1.1.1.1
R2(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R2(cfg-crypto-trans)# mode transport

R2(config)# crypto ipsec profile protect-gre
R2(ipsec-profile)# set security-association lifetime seconds 86400
R2(ipsec-profile)# set transform-set TS

R2(config)# interface Tunnel 0
R2(config-if)# tunnel protection ipsec profile protect-gre

3 Response to "GRE- IP/47"

  1. Vicky Ram says:

    Thanks For Your valuable posting, it was very informative

    mbatalks
    Guest posting sites

    Its a wonderful post and very helpful, thanks for all this information. You are including better information regarding this topic in an effective way. Thank you so much.
    Digital Marketing Course in Chennai
    Digital Marketing Training in Chennai
    Selenium Training in Chennai
    RPA Training in Chennai
    SEO Training in Chennai
    Software Testing Training in Chennai
    Digital Marketing Training in Annanagar

Post a Comment

Powered by Blogger