M2M Cellular Gateway
Scenario Application Timing
Above diagram illustrates the security gateway in headquarters playing the GRE client
role. In fact, the GRE tunnel establishment can be started from either site. The GRE
tunnel is established by starting from GRE client, the Security Gateway 2 in Network‐B.
All client hosts behind the Security Gateway 2 or the mobile device can access the
resources in the Intranet of Network‐A at headquarters via this established GRE tunnel.
Usually, these hosts at GRE client peer access the Internet directly via the WAN
interface of Security Gateway 2. Only the packets whose destination is in the dedicated
subnet to Network‐A will be transferred via the GRE tunnel. But if GRE client peer is
configured to all packets are delivered via the GRE tunnel, as shown in the diagram by
configuring the GRE tunnel is the default gateway at GRE client peer, the Internet
accessing packets will be also sent to the Security Gateway 1 in Network‐A and be re‐
transferred to the Internet. That means the Internet accessing of GRE Client peer is also
controlled by the Security Gateway 1, the LGRE VPN server.
Scenario Description
GRE Tunneling is similar to IPSec Tunneling, client requesting the tunnel establishment
with the server. Both the client and the server must have a Static IP or a FQDN.
Any peer gateway can be worked as either a client or a server, even using the same set
of configuration.
GRE Tunneling protocol is used for establishing a GRE VPN tunnel.
If the GRE server at HQ supports DMVPN Hub function, like Cisco router as the VPN
concentrator, the GRE client at branch office can activate the DMVPN spoke function
here since it is implemented by GRE over IPSec tunneling.
The GRE Client's "Default Gateway/Remote Subnet" setting determines how the
Index skipping is used to reserve slots for new function insertion, when required.
230