...
GRE (Generic Routing Encapsulation) is a network packet tunneling protocol. Its main purpose is to encapsulate packets of the OSI model network layer into IP packets. GRE may be used for VPN establishment on 3rd level of OSI model. In ESR router/WLC controller implemented static unmanageable GRE tunnels, i.e. tunnels are created manually via configuration on local and remote hosts. Tunnel parameters for each side should be mutually agreeable, otherwise transferred data will not be decapsulated by the partner.
...
Pre-configure interfaces on the routers devices for connection with WAN, enable GRE packets reception from a security zone where WAN connected interfaces operate.
...
Create route to the partner's local area network on the router/controller. Specify previously created GRE tunnel as a destination interface.
...
L2TPv3 (Layer 2 Tunnelling Protocol Version 3) is a protocol used for tunneling of 2nd level OSI model packets between two IP nodes. IP or UDP is used as an encapsulation protocol. L2TPv3 may be used as an alternative to MPLS P2P L2VPN (VLL) for L2 VPN establishment. In ESR router/WLC controller implemented static unmanageable L2TPv3 tunnels, i.e. tunnels are created manually via configuration on local and remote hosts. Tunnel parameters for each side should be mutually agreeable, otherwise transferred data will not be decapsulated by the partner.
...
Configure Remote Access IPsec VPN between R1 and R2 using the second IPsec authentication factor, XAUTH. Configure router device R1 as the IPsec VPN server, and router device R2 as the IPsec VPN client.
...
LT (Logical Tunnel) is a type of tunnels dedicated for transmission of routing information and traffic between different virtual routers devices (VRF) configured on a routerdevices. LT tunnel might be used for organization of interaction between two or more VRF using firewall restrictions.
...
Step | Description | Command | Keys |
|---|---|---|---|
1 | Create LT tunnels for each of existing VRF. | esr(config)# tunnel lt <ID> | <ID> – tunnel identifier, set in the range of [1..128]. |
2 | Specify the description of the configured tunnels (optional). | esr(config-lt)# description <DESCRIPTION> | <DESCRIPTION> – tunnel description, set by the string of up to 255 characters. |
3 | Include each LT tunnel in the corresponding VFR. | esr(config-lt)# ip vrf forwarding <VRF> | <VRF> – VRF name, set by the string of up to 31 characters. |
4 | Include each LT tunnel in a security zone and configure interaction rules between zones or disable firewall for LT tunnel. | esr(config-lt)# security-zone<NAME> | <NAME> – security zone name, set by the string of up to 12 characters. |
esr(config-lt)# ip firewall disable | |||
5 | For each LT tunnel, set the opposite LT tunnel number (in another VRF). | esr(config-lt)# peer lt <ID> | <ID> – tunnel identifier, set in the range of [1..128]. |
6 | For each LT tunnel, specify IP address for packets routing. For interacting LT tunnels, IP addresses should locate in one IP subnet. | esr(config-lt)# ip address <ADDR/LEN> | <ADDR/LEN> – IP address and prefix of a subnet, defined as AAA.BBB.CCC.DDD/EE where each part AAA-DDD takes values of [0..255] and EE takes values of [1..32]. |
7 | Enable the tunnels. | esr(config-lt)# enable | |
8 | For each VRF configure required routing protocols via LT tunnel. | ||
9 | Specify the time interval during which the statistics on the tunnel load is averaged (optional). | esr(config-lt)# load-average <TIME> | <TIME> – interval in seconds, takes values of [5..150]. Default value: 5. |
10 | Specify the size of MTU packets that can be passed by the bridge (optional; possible if only VLAN is included in the bridge). | esr(config-lt)# mtu <MTU> | <MTU> – MTU value, takes values in the range of:
Default value: 1500. |
...