1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

GRE VPN Tunnel and ip address command

Discussion in 'Routing & Switching' started by zillah, Apr 13, 2006.

  1. zillah

    zillah New Member

    9
    0
    1
    Code:
    [url="http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/fsgrevrf.htm"]http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/fsgrevrf.htm[/url]
    Code:
    [/b]
    interface tunnel0 
     
    ! 
    ! 
    [b]ip address 10.3.3.3 255.255.255.0[/b] 
     
    tunnel source loop 0 
     
    tunnel destination 10.5.5.5 
     
    ! 
    ! 
     
    



    I have got confused , since I have got a source ip address for a VPN tunnel , and a destination ip address for a VPN tunnel,,,,Why do I need to use ip address for the same tunnel
     
  2. MarkN

    MarkN Nibble Poster

    79
    3
    15
    Have you got VRF fowarding turned on?

    This allows source and destination endpoints to be on different networks - looking at your config 10.5.5.0 will need associating with a VRF so the packet can be routed out of the correct interface
     
    Certifications: MCSE NT4\W2K,CNE,CCEA,ASE
    WIP: CCNA
  3. zillah

    zillah New Member

    9
    0
    1
    Thanks MarkN

    It is there in the link that I have posted , but I omitted it, because my question is not about VRF.

    My query why do I need to use "ip address 10.3.3.3 255.255.255.0 " ?
     
  4. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    because you're defining an interface, namely the interface thru which the tunnel is routed?
     
  5. zillah

    zillah New Member

    9
    0
    1
    Do you mean when I typed in this command :

    interface tunnel 0

    That means I created two things,,,an interafce and a tunnel 0, then I have to assigne ip to the interface and another ip to the tunnel
     
  6. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    no, it means you created a virtual or logical interface called tunnel0 and you assigned 10.3.3.3 to it as the (virtual or logical) ip address.
     
  7. zillah

    zillah New Member

    9
    0
    1
    Ok, when I created virtual interface called tunnel 0 or tunnel 1,,,etc.....in my configuration I have got 3 ip addresses:

    A- loopback 0 (our scenario is 10.7.7.7), ip address of the beginning of the tunnel0,,,Am I right

    B- Destination ip address (our scenario is 10.5.5.5), ip address for the end of the tunnel0,,,,Am I right ?

    C- The last one ip address (our scenario is 10.3.3.3) where has this one been assigned ?
     
  8. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    no, tunnel0 is an interface. it is not the tunnel itself. 10.7.7.7 is the ip address for a different interface, namely loop0, which is the tunnel source.

    no, tunnel0 is an interface. it is not the tunnel itself. 10.5.5.5 is the ip address for an interface on a router in remote lan b, which is the tunnel destination.

    tunnel source and tunnel destination are both in vrf blue.

    it is the ip address assigned to the interface tunnel0.

    tunnel0 is in vrf green.

    perhaps this document will help clarify things.
     
  9. zillah

    zillah New Member

    9
    0
    1
    Thanks for this effort. You are right, I have to be blamed , when I posted the link, I did not mean to ask about the configuration in the link itself.

    But since some information in the link is similar to my lab scenario, therefore I posted the link in this forum.

    I should not have done that from the beginning, I should posted the lab itself, see below for more information.

    My lab scenario is this :

    A- Configure VPN between R44 (loopback44 150.1.44.44) and R66 (loopback66 150.1.66.66) .
    B- Use the ip address 190.2.45.x/24 for this VPN
    C- As an additional integrity check ensure that any any corrupt packets received on the VPN interface are discarded.

    Note: As you can see from the requirement above, it does not have VRF, therefore I did not bother about it when I posted my early thread.

    Solution is :


    R44:






    interface Tunnel2


    ip address 190.2.45.4 255.255.255.0

    tunnel source Loopback44

    tunnel destination 150.1.66.66

    tunnel checksum

    !







    R66:






    interface Tunnel2


    ip address 190.2.45.6 255.255.255.0

    tunnel source Loopback66

    tunnel destination 150.1.44.44

    tunnel checksum

    My comment

    1- We specify the source and destination IP addresses that the tunnel
    will use for control traffic. These addresses are the source and final destination of the GRE traffic.,,,,Am I right


    2- You can see that the source and destination addresses for the tunnel are loopback addresses,,,,,,for R44 the source is loopback 44 and the destination is loopback 66, for R66 is vice versa,,,,Am I right ?


    3- Gentle reminder that the solution does not use any VRF.


    4- What are the point of using ip addresses 190.2.45.4 and 190.2.45.6 , if we already has assigned source and destination ip addresses to our tunnel form R44 to R66 ?,,,,I will go through your posted document, and I hope it explains my point.


     
  10. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    the source and destionation addresses are the endpoints of the tunnel to and fro which the passenger protocol is being transferred.

    what is your question? yes, i can see that is what you are doing. no, i would use the ethernet interfaces, not loopback interfaces.

    duly noted.

    because a tunnel is a point-to-point link, including the endpoints. your tunneling encapsulation should be implemented via a virtual interface.

    i have a feeling that semantics are taking us further from the concepts. i suggest you go back to the cisco documents on tunneling in general, and gre tunneling specifically, as i'm sure it will be explained much better than i can.
     
  11. zillah

    zillah New Member

    9
    0
    1
    Thanks d-Faktor for your time and effort and your patient in explaination.

    I will go through cisco documentation.
     
  12. zillah

    zillah New Member

    9
    0
    1
    I tried to search the net about some documentation that expalin and clarify my confusion, but I coud not find some thing relavent, beside your document I found this as well

    http://www.cisco.com/en/US/tech/tk827/tk369/tech_configuration_examples_list.html#anchor1

    But they only show me the configuration for VPN tunnel and they did not explain why they using it.

    If you are aware of any other documentation, could you please let me know.

    Thanks
     

Share This Page

Loading...