Protocols And Standards - HPE FlexNetwork HSR6800 Configuration Manual
Comware 7 layer 3, ip services
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (482 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
Constructing VPN
Figure 128 Network diagram
As shown in
Using a GRE tunnel can connect the two VPN sites across the WAN.
Operating with IPsec
Figure 129 Network diagram
As shown in
Packets (for example, routing protocol packets, voice data, and video data) are first encapsulated
with GRE and then with IPsec. GRE over IPsec delivers the following benefits:
•
Improves transmission security.
•
Allows IPsec to protect not only unicast packets. GRE supports encapsulating multicast,
broadcast, and non-IP packets. After GRE encapsulation, these packets become common
unicast packets, which can be protected by IPsec.
•
Simplifies IPsec configuration. Packets are first encapsulated by GRE. You can define the
packets to be protected by IPsec according to the GRE tunnel's source and destination
addresses, without considering the source and destination addresses of the original packets.
GRE and IPsec can also form IPsec over GRE tunnels. As a best practice, use GRE over IPsec
tunnels instead of IPsec over GRE tunnels.
For more information about IPsec, see Security Configuration Guide.
Protocols and standards
•
RFC 1701, Generic Routing Encapsulation (GRE)
•
RFC 1702, Generic Routing Encapsulation over IPv4 networks
•
RFC 2784, Generic Routing Encapsulation (GRE)
•
RFC 2890, Key and Sequence Number Extensions to GRE
Figure
128, Site 1 and Site 2 both belong to VPN 1 and are located in different cities.
Figure
129, GRE can be used together with IPsec to form a GRE over IPsec tunnel.
312
Advertisement
Table of Contents
Troubleshooting
