Foundry Networks AR3201-CL ユーザーズマニュアル
Security Features
June 2004
© 2004 Foundry Networks, Inc.
15 - 45
Configuring GRE
Generic Routing Encapsulation (GRE) is a standards-based (RFC1701, RFC2784) tunneling protocol that can
encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link between
routers at remote points over an IP network. A tunnel is a logical interface that provides a way to encapsulate
passenger packets inside a transport protocol. By connecting multiprotocol subnetworks in a single-protocol
backbone environment, IP tunneling using GRE allows network expansion across a single-protocol backbone
environment.
encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link between
routers at remote points over an IP network. A tunnel is a logical interface that provides a way to encapsulate
passenger packets inside a transport protocol. By connecting multiprotocol subnetworks in a single-protocol
backbone environment, IP tunneling using GRE allows network expansion across a single-protocol backbone
environment.
IPSec and GRE complement each other well, while IPSec provides a secure method of transporting data across
the internet GRE provides the capability to transport routing protocols (for example: OSPF) that use broadcast and
multicast.
the internet GRE provides the capability to transport routing protocols (for example: OSPF) that use broadcast and
multicast.
Router1# show crypto ipsec sa all
Policy Dest IP Spi Bytes Transform
------ ------- --- ----- ---------
INsales 172.16.0.1 0xbba97427 840 esp-aes-sha1-tunl
sales 192.168.107.105 0xcb0e23f3 560 esp-aes-sha1-tunl
Router1#
Router1# show crypto ipsec sa all detail
Crypto Policy name: INsales
Protocol is Any
Local ident(ip/mask/port): (20.1.1.1/255.255.255.255/any)
Remote ident(ip/mask/port): (10.0.1.0/255.255.255.0/any)
Peer Address is 172.16.0.1, PFS Group is disabled
inbound ESP sas
Spi: 0xbba97427
Transform: aes256 (key length=256 bits), sha1
In use settings = {tunnel}
Bytes Processed 840
Hard lifetime in seconds 28750, Hard lifetime in kilobytes is
unlimited
Soft lifetime in seconds 0, Soft lifetime in kilobytes is
unlimited
Crypto Policy name: sales
Protocol is Any
Local ident(ip/mask/port): (10.0.1.0/255.255.255.0/any)
Remote ident(ip/mask/port): (20.1.1.1/255.255.255.255/any)
Peer Address is 192.168.107.105, PFS Group is disabled
outbound ESP sas
Spi: 0xcb0e23f3
Transform: aes256 (key length=256 bits), sha1
In use settings = {tunnel}
Bytes Processed 560
Hard lifetime in seconds 28750, Hard lifetime in kilobytes is
unlimited
Soft lifetime in seconds 28720, Soft lifetime in kilobytes is
unlimited