In this tutorial, we will illustrate how to successfully configure a GRE tunnel between two Cisco routers through a service provider cloud.
Remember to make sure the two tunnel interfaces that terminate the two ends of the tunnel must be on the same subnet, since they are logically directly connected. They are basically treated like any point-to-point interface. Lastly, make sure you have end-to-end routing to & from the source / destination addresses used by each tunnel endpoint. This includes routing to these address in the backbone of the network.
| SYNTAX | DESCRIPTION |
| router A | |
| conf t | Enter global configuration mode |
| interface tunnel 1 | Create GRE tunnel interface |
| ip address 192.168.1.1 255.255.255.252 | Configures IP address on tunnel interface |
| tunnel destination 12.1.2.2 | Define tunnel destination as router B’s serial IP |
| tunnel source 12.1.1.2 | Define tunnel source as router A’s serial IP |
| router B | |
| conf t | Enter global configuration mode |
| interface tunnel 1 | Create GRE tunnel interface |
| ip address 192.168.1.2 255.255.255.252 | Configures IP address on tunnel interface |
| tunnel destination 12.1.1.2 | Define tunnel destination as router B’s serial IP |
| tunnel source 12.1.2.2 | Define tunnel source as router A’s serial IP |
In this example, we need to set up a tunnel between router A & router B & hide our internal network from the service provider. The routers will statically route all traffic destined to private networks via the GRE next hop address. This will allow the private networks to be encapsulated with a GRE header that will essentially hide our internal source / destination addresses. The first thing we will need to do on both routers is create the tunnel interfaces, the tunnel source, and destination addresses.
The tunnel source & destination addresses must be reachable through the service provider’s network in order for the tunnel to be established. However, the tunnel interface IPs do not need to be (probably better they are not) reachable directly from the service provider's internal routers.
Next, we will need to add the appropriate static routes to allow for the GRE tunnel to be established. Also, we will add an additional route to get to the remote router’s LAN segments:
| SYNTAX | DESCRIPTION |
| router A | |
| conf t | Enter global configuration mode |
| ip route 12.1.2.2 255.255.255.255 12.1.1.1 | Route to get to tunnel destination (router B) |
| ip route 20.1.1.0 255.255.255.0 192.168.1.2 | Route to get to router B’s LAN subnet (note: next hop is the tunnel interface off router B) |
| router B | |
| conf t | Enter global configuration mode |
| ip route 12.1.1.2 255.255.255.255 12.1.2.1 | Route to get to tunnel destination (router A) |
| ip route 30.1.1.0 255.255.255.0 192.168.1.1 | Route to get to Router B’s LAN subnet (note: next hop is the tunnel interface off router A) |
