From: Justin Menga (Justin.Menga@xxxxxxxxxxxxxxxxxx)
Date: Mon Nov 13 2000 - 17:33:40 GMT-3
If you think of a normal tunnel and what you use it for, you are creating a
virtual link between two routers at the network layer of another protocol
(e.g. IPX, Appletalk) over IP encapsulation.
e.g. with tunnelling you could have a virtual link between R1 and R3 and
assign IPX network 30.
-------------R1------------------R2------------------R3-----------------
IPX 10 IP Only IP Only IPX 20
(<---------------IPX 30-------------->)
So with IP, you can also do the same, you are just encapsulating IP within
IP. What this is useful for is for example the Internet. R1 above is an
Internet router and the inside network has private RFC1918 addressing.
Assume the same for R3. R2 is "the Internet". Now if a host inside R1 sent
a packet to a host in R3, the packet would go nowhere as the addressing is
illegal on the internet. What you could do is create a virtual link between
R1 and R3 (please don't get confused with OSPF virtual-links, totally
different). Effectively you create a tunnel interface at each end and
assign an IP address to it. Think of the tunnel interfaces as being
directly connected.
e.g.
R1:
int e0
ip address 10.1.1.1 255.255.255.0
int s0
ip address 200.100.100.1 255.255.255.0
int tu0
ip address 10.10.10.1 255.255.255.0
tunnel source s0
tunnel destination 203.100.100.1
R3:
int e0
ip address 10.3.1.1 255.255.255.0
int s0
ip address 203.100.100.1 255.255.255.0
int tu0
ip address 10.10.10.3 255.255.255.0
tunnel source s0
tunnel destination 200.100.100.1
We have created a "virtual" subnet 10.10.10.0/24 which links the two private
networks.
Regards,
Justin Menga MCSE+I CCNP CCSE ASE
WAN Specialist
Computerland New Zealand
PO Box 3631, Auckland
DDI: (+64) 9 360 4864 Mobile: (+64) 25 349 599
mailto: justin.menga@computerland.co.nz
-----Original Message-----
From: Varghese Thomas [mailto:vnthomas@hotmail.com]
Sent: Saturday, 11 November 2000 12:33 p.m.
To: Mosley, Arthur; 'Dave Gahm '; 'robert patterson ';
ccielab@groupstudy.com
Subject: Re: vpn's
Hello
Could I get a sample config of a GRE tunneling..
Thanks for the support in advance.
Tx n Rd
----- Original Message -----
From: Mosley, Arthur <Arthur.Mosley@wang.com>
To: 'Dave Gahm ' <gahm@gci.net>; 'robert patterson ' <rpatters@access1.net>;
<ccielab@groupstudy.com>
Sent: Thursday, April 20, 2000 5:11 AM
Subject: RE: vpn's
> A VPN can be a plain old GRE tunnel tunneling IP...it does not require
> encrpytion unless they say so!
>
> Don't forget, you can always ASK THE PROCTOR.
>
> Art
>
> -----Original Message-----
> From: Dave Gahm
> To: robert patterson; ccielab@groupstudy.com
> Sent: 4/19/00 11:12 PM
> Subject: Re: vpn's
>
> Robert,
>
> I have two suggestions.
>
> 1. Read the lab instructions carefully to determine what is, or isn't
> required.
>
> 2. Read the non-disclosure agreement just as carefully to determine what
> should, or should not, be posted on this study group.
>
> Dave
>
>
> -----Original Message-----
> From: robert patterson < rpatters@access1.net
> <mailto:rpatters@access1.net> >
> To: ccielab@groupstudy.com <mailto:ccielab@groupstudy.com> <
> ccielab@groupstudy.com <mailto:ccielab@groupstudy.com> >
> Date: Wednesday, April 19, 2000 3:54 PM
> Subject: vpn's
>
>
>
> At my last lab, I ran across a VPN configuration issue.
> I had always thought that VPN's required ipsec software
> but the router was not so enabled. Maybe this is a perception
> problem on my behalf, but I have had the same comments from
> other recent visitors to the lab. I guess the question is what
> can be considered a valid VPN. A tunnel, a tunnel with
> authentication....
>
>
> Robert Patterson
> Senior Systems Engineer
> KentDatacomm
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:44 GMT-3