D-Link DFL-1660 User Manual page 123
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (483 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
3.4.5. GRE Tunnels
GRE does not provide any security features but this means that its use has extremely low overhead.
Using GRE
GRE is typically used to provide a method of connecting two networks together across a third
network such as the Internet. The two networks being connected together communicate with a
common protocol which is tunneled using GRE through the intervening network. Examples of GRE
usage are:
•
Traversing network equipment that blocks a particular protocol.
•
Tunneling IPv6 traffic across an IPv4 network.
•
Where a UDP data stream is to be multicast and it is necessary to transit through a network
device which does not support multicasting. GRE allows tunneling though the network device.
GRE Security and Performance
A GRE tunnel does not use any encryption for the communication and is therefore not, in itself,
secure. Any security must come from the protocol being tunneled. The advantage of GRE's lack of
encryption is the high performance which is achievable because of the low traffic processing
overhead.
The lack of encryption can be acceptable in some circumstances if the tunneling is done across an
internal network that is not public.
Setting Up GRE
Like other tunnels in NetDefendOS such as an IPsec tunnel, a GRE Tunnel is treated as a logical
interface by NetDefendOS, with the same filtering, traffic shaping and configuration capabilities as
a standard interface. The GRE options are:
•
IP Address
This is the IPv4 address of the inside of the tunnel on the local side. This cannot be left blank
and must be given a value.
The specified IP address is then used for the following:
i.
An ICMP Ping can be sent to this tunnel endpoint.
ii.
Log messages related to the tunnel will be generated with this IP address as the source.
iii. If NAT is being used then it will not be necessary to set the source IP on the IP rule that
performs NAT on traffic going through the tunnel. This IP address will be used as the
source address for NAT.
•
Remote Network
The remote network which the GRE tunnel will connect with.
•
Remote Endpoint
This is the IPv4 address of the remote device which the tunnel will connect with.
•
Use Session Key
A unique number can optionally be specified for the tunnel. This allows more than one GRE
tunnel to run between the same two endpoints. The Session Key value is used to distinguish
123
Chapter 3. Fundamentals
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
