GRE Tunnel on Cisco 7600-SUP720

Hi all.
We work on a Cisco7600 with SUP720-BXL.
We need to create some VRF-Aware GRE Tunnels.
Are there some limit to the number of GRE Tunnel interfaces ?
What are the throughput performance expected ?
Is there some impact to the CPU load ?
Thank you very much.

Hi,
the limit comes from scalability considerations.
On Sup720 in order to have full hardware acceleration each and every GRE interface MUST have a unique source.
If you share the same source (i.e. same loopback interface) across all the GRE tunnels traffic will be software switched (by the CPU) and the limit will be the inband channel (IBC) path to/from the RP which is 1Gbps.
Hence the actual limit is the number of free IP addresses you have.
CSCdy72539 documents this.
Also, if your Sup720 is supposed to handle both the GRE encapsulation and the MPLS imposition/disposition the command "mls mpls tunnel-recir" is needed to avoid packet corruption.
If GRE are correctly handled in hw no impact to the CPU is expected.
About the performance you can expect the same troughtput you have from other interfaces minus the overhead coming from packets recirculation (enabled by the command above) which is minor.
Regards,
Riccardo

Similar Messages

GRE Tunnel on cisco 831

Hi ,
Who can tell me how to config ipsec over GRE tunnel when remote side useing dynamic ip !
Thanks!

Cisco has introduced a feature designed to do exactly what you are asking. You can configure an IPSec VPN over GRE tunnel where the remote has dynamic IP using the feature of Dynamic Multipoint VPN (DMVPN).
The key concept here is that the remote side must initiate the tunnel to the central side. In the message requesting the tunnel the remote indicates what address the central should use as the tunnel destination.
I have configured it in the lab and it worked pretty well. I have not yet used it in a production environment.
This URL should help you get started with this:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html
HTH
Rick

GRE IPSec between Cisco 2811 and FortiGate 110C

Hello,
Does anybody know if it is possible to configure GRE IPSec tunnel between Cisco 2811 router and FortiGate 110C firewall? I know that FortiGate supports IPSec and GRE tunnels, but maybe somebody succeeded in establishing an IPSec GRE between those routers? Could you also give a link to the appropriate documentation if it is possible?

Hi,
You can configure the GRE tunnel on the 2811.
I'm aware that you can configure sort of a GRE tunnel on the Fortinet as well, but I have not seen a GRE tunnel between a Cisco and other vendor.
I've only seen GRE tunnels between Cisco devices (however I have not tried it to assure you that it will not work :-()
Federico.

How many numbers of GRE Tunnels are supported on Cisco 3925 router?

Hi...
I would like to know that.......
How many numbers of GRE Tunnels are supported on Cisco 3925 router?
Thanks....

This is what I found in my search:
There may be factors such as memory constraints that will place practical limits on how many tunnels you can support. But there is also a hard limit on the number of tunnels that you can configure. That limit is based on the limitation of the number of IDBs supported by your router. The IDB is the Interface Descriptor Block and each interface (physical, or tunnel, or loopback, or whatever) requires an IDB. The number of IDBs will vary by platform and sometimes by release level of the code that you are running. You can use the privileged command show idb to see what the limitation is on your router. On the 1841 router that I just checked the limit on IDB is 1200 (which is a pretty large number - I believe that you would encounter other limits on performance or on size of configuration before you exhaust the IDB limit).
https://supportforums.cisco.com/thread/2007932
Hope it helps.
Jatin Katyal
- Do rate helpful posts -

GRE tunnel feature limitation on Cisco Catalyst 4500X

Hi,
I have a customer with three sites. They have the Cisco catalyst 4500-X at each sites and wish to create GRE tunnels between each of these switches.
I have a vague reference which tells me the Cisco cat 4500-x or any cat 4500 for that matter does have severe limitations when GRE tunnels are created, especially limiting the bandwidth to 70kbps. Its also not recommended for data traffic but control plane traffic.
Please advice.

No experts to answer this?

GRE tunnel could not be used by the hosts connected to the router

Hi,
I am using cisco ASR1013 (RP2) and a Mikrotik Router for setting up a GRE tunnel for LAN to LAN routing over a broadband link. The tunnel works fine (able to ping tunnel end points and also all the connected interfaces on both the Mikrotik and Cisco ASR) but the hosts that are connected directly to the Cisco router interface over a layer 2 cisco switch are unable to connect (ping) the hosts or connected interfaces on the mikrotik side. I am sure its not a mikrotik issue as i dont see any traffic coming through the tunnel using the mikrotik torch utility. There are no ACL's or firewall rules on any of the devices......
Source and destination of the tunnel are public IP's and are pingable via internet (The tunnel is connected and endpoints are pingable)
Mikrotik connected interface IP = 192.168.253.1/24
Mikrotik tunnel end point IP = 192.168.254.1/30
Cisco tunnel end point IP = 192.168.254.2/30
Connected cisco subnet to reach Mikrotik = M.N.O.32/28
Cisco interface IP for LAN = M.N.O.33
Test host IP on the LAN subnet = M.N.O.34
The below is my Cisco config
ASR-1#sh run int tun 1
Building configuration...
Current configuration : 144 bytes
interface Tunnel1
ip address 192.168.254.2 255.255.255.252
ip mtu 1400
tunnel source A.B.C.D
tunnel destination W.X.Y.Z
end
ASR-1#sh run int g0/1/7
Building configuration...
Current configuration : 280 bytes
interface GigabitEthernet0/1/7
description LAN
ip address M.N.O.33 255.255.255.240
ip verify unicast source reachable-via rx
no negotiation auto
cdp enable
end
ASR-1#sh ip ro 192.168.253.1
Routing entry for 192.168.253.0/24
Known via "static", distance 1, metric 0 (connected)
Routing Descriptor Blocks:
* directly connected, via Tunnel1
Route metric is 0, traffic share count is 1
ASR-1#ping 192.168.253.1 so M.N.O.33
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.253.1, timeout is 2 seconds:
Packet sent with a source address of M.N.O.33
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms
ASR-1#pi M.N.O.34
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to M.N.O.34, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
If i try to ping 192.168.253.1 (network connected to Mikrotik) from the host M.N.O.34 (the gateway of this host is M.N.O.33 - Int g0/1/7 of the Cisco ASR), i cannot reach detination - request timed out.... Below are the results of trace and ping from the host connected to ASR G1/0/7
PING TO THE GATEWAY *********
[root@localhost ~]# ping M.N.O.33
PING M.N.O.33 (M.N.O.33) 56(84) bytes of data.
64 bytes from M.N.O.33: icmp_seq=1 ttl=255 time=0.161 ms
64 bytes from M.N.O.33: icmp_seq=2 ttl=255 time=0.143 ms
^C
--- M.N.O.33 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1357ms
rtt min/avg/max/mdev = 0.143/0.152/0.161/0.009 ms
PING TO THE TUNNEL END POINT IN CISCO ASR
[root@localhost ~]# ping 192.168.254.2
PING 192.168.254.2 (192.168.254.2) 56(84) bytes of data.
64 bytes from 192.168.254.2: icmp_seq=1 ttl=255 time=0.141 ms
64 bytes from 192.168.254.2: icmp_seq=2 ttl=255 time=0.141 ms
^C
--- 192.168.254.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1739ms
rtt min/avg/max/mdev = 0.141/0.141/0.141/0.000 ms
PING TO THE TUNNEL ENDPOINT IN MIKROTIK
[root@localhost ~]# ping 192.168.254.1
PING 192.168.254.1 (192.168.254.1) 56(84) bytes of data.
^C
--- 192.168.254.1 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10413ms
PING TO THE CONNECTED INTERFACE ON MIKROTIK
[root@localhost ~]# ping 192.168.253.1
PING 192.168.253.1 (192.168.253.1) 56(84) bytes of data.
^C
--- 192.168.253.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3641ms
TRACE TO THE CONNECTED INTERFACE ON MIKROTIK
[root@localhost ~]# traceroute 192.168.253.1
traceroute to 192.168.253.1 (192.168.253.1), 30 hops max, 60 byte packets
1 M.N.O.33 (M.N.O.33) 0.180 ms 0.156 ms 0.145 ms
2 * * *
3 * * *
4 * * *
5 * * *
Please help

Hi,
Sorry for the delayed response ....Both ends static routes are added for the connected test interfaces.....
Regards,
Mahesh

IP routing utilizing Verizon private network (GRE tunnel) with remote cellular gateways

Okay, I give up, and think I have done my due diligence (I have been engrossed and fascinated spending many more hours than allotted to try and learn some of the finer details). Time for some advice. My usual trade is controls engineering which generally require only basic knowledge of networking principals. However I recently took a job to integrate 100 or so lift stations scattered around a county into a central SCADA system. I decided to use cellular technology to connect these remote sites back to the main SCADA system. Well the infrastructure is now in and it’s time to get these things talking. Basic topology description is as follows: Each remote site has an Airlink LS300 gateway. Attached to the gateway via Ethernet is a system controller that I will be polling via Modbus TCP from the main SCADA system. The Airlinks are provisioned by Verizon utilizing a private network with static IP's. This private networks address is 192.168.1.0/24. Back at the central office the SCADA computer is sitting behind a Cisco 2911. The LAN address of the central office is 192.168.11.0/24. The 2911 is utilizing GRE tunnels that terminate with Verizon. The original turn up was done with another contractor that did a basic config of the router which you will find below. As it stands now I am pretty confident the tunnels are up and working (if I change a local computers subnet to 255.255.0.0 I can surprisingly reach the airlinks in the field), but this is obviously not the right way to solve the problem, not to mention I was unable to successfully poll the end devices on the other side of the Airlinks. I think I understand just about every part of the config below and think it is just missing a few items to be complete. I would greatly appreciate anyone’s help in getting this set up correctly. I also have a few questions about the set up that still don’t make sense to me, you will find them below the config. Thanks in advance.
no aaa new-model
ip cef
ip dhcp excluded-address 10.10.10.1
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
ip domain name yourdomain.com
no ipv6 cef
multilink bundle-name authenticated
username cisco privilege 15 one-time secret
redundancy
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key AbCdEf01294 address 99.101.15.99
crypto isakmp key AbCdEf01294 address 99.100.14.88
crypto ipsec transform-set VZW_TSET esp-3des esp-md5-hmac
mode transport
crypto map VZW_VPNTUNNEL 1 ipsec-isakmp
description Verizon Wireless Tunnel
set peer 99.101.15.99
set peer 99.100.14.88
set transform-set VZW_TSET
match address VZW_VPN
interface Tunnel1
description GRE Tunnel to Verizon Wireless
ip address 172.16.200.2 255.255.255.252
tunnel source 22.20.19.18
tunnel destination 99.101.15.99
interface Tunnel2
description GRE Tunnel 2 to Verizon Wireless
ip address 172.16.200.6 255.255.255.252
tunnel source 22.20.19.18
tunnel destination 99.100.14.88
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.248
shutdown
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.11.1 255.255.255.0
duplex auto
speed auto
interface GigabitEthernet0/2
ip address 22.20.19.18 255.255.255.0
duplex full
speed 100
crypto map VZW_VPNTUNNEL
router bgp 65505
bgp log-neighbor-changes
network 0.0.0.0
network 192.168.11.0
neighbor 172.16.200.1 remote-as 6167
neighbor 172.16.200.5 remote-as 6167
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 22.20.19.19
ip access-list extended VZW_VPN
permit gre host 99.101.15.99 host 22.20.19.18
permit icmp host 99.101.15.99 host 22.20.19.18
permit esp host 99.101.15.99 host 22.20.19.18
permit udp host 99.101.15.99 host 22.20.19.18 eq isakmp
permit gre host 22.20.19.18 host 99.101.15.99
permit gre host 22.20.19.18 host 99.100.14.88
access-list 23 permit 10.10.10.0 0.0.0.7
control-plane
end
So after spending countless hours analyzing every portion of this, I think that adding one line to this will get it going (or at least closer).
ip route 192.168.1.0 255.255.0.0 22.20.19.19
That should allow my internal LAN to reach the Airlink gateways on the other side of the tunnel (I think)
Now for a couple of questions for those that are still actually hanging around.
#1 what is the purpose of the Ethernet address assigned to each tunnel? I only see them being used in the BGP section where they are receiving routing tables from the Verizon side (is that correct?). Why wouldn't or couldn't you just use the physical Ethernet address interface in its place (in the BGP section)?
#2 is the config above correct in pointing the default route to the physical Ethernet address? Does that force the packets into the tunnel, or shouldn’t you be pointing it towards the tunnel IP's (172.16.200.2)? If the config above is correct then I should not need to add the route I described above as if I ping out to 192.168.1.X that should catch it and force it into the tunnel where Verizon would pick it up and know how to get it to its destination??
#3 Will I need to add another permit to the VZW_VPN for TCP as in the end I need to be able to poll via Modbus which uses port 502 TCP. Or is TCP implicit in some way with the GRE permit?
I actually have alot more questions, but I will keep reading for now.
I really appreciate the time you all took to trudge through this. Also please feel free to point anything else out that I may have missed or that can be improved. Have a great day!

This post is a duplicate of this thread
https://supportforums.cisco.com/discussion/12275476/proper-routing-lan-through-verizon-private-network-gre-airlink-gateways
which has a response. I suggest that all discussion of this question be done through the other thread.
HTH
Rick

When do i have to use a gre over ipsec tunnel? i have heard that when i m using a routing protocol and vpn site to site i need a gre tunnel

i have configured a network with ospf and a vpn site to site without gre tunnel and it works very well. I want to know, when do i have to use gre tunnel over ipsec

Jose,
It sounds like you currently have an IPsec Virtual Tunnel Interface (VTI) configured. By this, I mean that you have a Tunnel interface running in "tunnel mode ipsec ipv4" rather than having a crypto map applied to a physical interface. In the days before VTIs, it was necessary to configure GRE over IPsec in order to pass certain types of traffic across an encrypted channel. When using pure IPsec with crypto maps, you cannot pass multicast traffic without implementing GRE over IPsec. Today, IPsec VTIs and GRE over IPsec accomplish what is effectively the same thing with a few exceptions. For example, by using GRE over IPsec, you can configure multiple tunnels between two peers by means of tunnels keys, pass many more types of traffic rather than IP unicast and multicast (such as NHRP as utilized by DMVPN), and you can also configure multipoint GRE tunnels whereas VTIs are point to point.
Here's a document which discusses VTIs in more depth: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html#GUID-A568DA9D-56CF-47C4-A866-B605804179E1
HTH,
Frank

How to create tunnel in cisco router

Please give me command wise configuration about creating tunnel in router as:
tunnel ip address:-
destination ip
source ip:-
any other command

Hello Sunil,
I guess what Jed wants to stress is that prior to IOS 12.2(8)T, a tunnel interface would not go down even if the underlying physical connection would go down. As of IOS 12.2(8)T, you can configure keepalives on the tunnel interface, which cause the interface to go down when the keepalives are missed.
Check this document for details:
Cisco IOS Software Releases 12.2 T
Generic Routing Encapsulation (GRE) Tunnel Keepalive
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cec.html
As for the tunnel configuration itself, in addition to a basic GRE tunnel as mentioned in the post above, there are additional ways to configure a tunnel. In the links below, you find many configuration examples:
Generic Routing Encapsulation (GRE)
Introduction
http://www.cisco.com/en/US/customer/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html
IPSec Negotiation/IKE Protocols
Configuration Examples and TechNotes
http://www.cisco.com/en/US/customer/tech/tk583/tk372/tech_configuration_examples_list.html
Regards,
GNT

Cisco 7600 in MPLS

Hello,
1)
I have a question regarding Cisco 7600/6500 ( sup720 exactely) in MPLS.
I've read in documentation and also in some forum posts that "show mpls cef" is not MPLS aware command and should be used only for IP traffic. But still in some Cisco documents you can find that it is recommended on Cisco 7600/6500 for MPLS to use show mls cef instead of show ip cef (wether it is P or PE device in MPLS).
Does anyone know what is true?
2)
Also when load balancing is involved in MPLS with Cisco 7600/6500 (sup720)
P=======PE (P and PE are 7600 and there are two paralle link with the same cost between them).
In documentation can be found that in MPLS, CEF is still in charge for load sharing (src-dst IP header based) except for hardware based platforms.
Since 7600 is hardware based platform does it have some other load sharing method or it is also CEF based?
Thanks in advance.
Regards,
A.

Hi Prima,
This question has been already answered several times and the answer is still the same :-) : it's not supported on 7600 platform due to hardware limitation.
HTH
Laurent.

Best way to pass IPv4 and IPv6 traffic over a GRE Tunnel

Hello,
We have two 3825 routers with Advanced Enterprise IOS 12.4.9(T). Each of them serves many IPv4 (private and public) and IPv6 networks on their respective site.
We have created a wireless link between the two, using 4 wireless devices, with IP Addresses 10.10.2.2, 3, 4, 5 respectively (1 and 6 are the two end Ethernet interfaces on the routers).
Then we created a GRE tunnel over this link using addresses 172.16.1.1 and 2 (for the two ends) to route traffic over this link.
Now we want to route IPv6 traffic over the same link. However, we found that simply routing the IPv6 traffic over the above GRE / IP tunnel did not work.
Questions:
Is there a way we can use the same (GRE / IP) tunnel to transport both IPv4 and IPv6 traffic?
If not, can we setup two GRE tunnels over the same wireless link, that is, one GRE / IP for IPv4 traffic and a second one GRE / IPv6 for IPv6 traffic?
In brief, what is the suggested way to transport IPv4 and IPv6 traffic over the aforementioned (wireless) link?
I have read http://www.cisco.com/c/en/us/td/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1061361 and other Internet material, however I am still confused.
Please help.
Thanks in advance,
Nick

We have set up two tunnels over the same link, one GRE / IP for the IPv4 traffic and one IPv6 / IP ("manual") for the IPv6 traffic. This setup seems to be working OK.
If there are other suggestions, please advise.
Thanks,
Nick

Tcp mss adjust calculation for GRE tunnel over DSL line

hi guys,
need your advice on this one, as i search on cisco.com and netpro but unable to find the exact info that i required.
First, can anyone confirm the following calculation to find out MSS size.
Mss size = MTU size - encapsulation size - tcp header size
So for normal case;
MSS = 1500 - 48 (48 is the tcp/ip header)
so MSS = 1452
Thus in my case GRE tunnel over DSL connection;
MSS = 1492 - 24 - 48 (24 is the GRE encap; 48 is the tcp/ip header)
MSS = 1420
is this correct?
Secondly, where should the ip tcp mss-adjust to be implemented. Is it at the Dialer(DSL) interface or at Tunnel interface?

I don't use the math (it doesn't work for me probably b/c I miss something). Here's how I do it-
C:\>ping 10.125.0.250 -f -l 1600
Pinging 10.125.0.250 with 1600 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 10.125.0.250:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping 10.125.0.250 -f -l 1500
Pinging 10.125.0.250 with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 10.125.0.250:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping 10.125.0.250 -f -l 1400
Pinging 10.125.0.250 with 1400 bytes of data:
Reply from 10.125.0.250: bytes=1400 time=19ms TTL=251
Reply from 10.125.0.250: bytes=1400 time=19ms TTL=251
Reply from 10.125.0.250: bytes=1400 time=19ms TTL=251
Reply from 10.125.0.250: bytes=1400 time=19ms TTL=251
Ping statistics for 10.125.0.250:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 19ms, Average = 19ms
C:\>ping 10.125.0.250 -f -l 1450
Pinging 10.125.0.250 with 1450 bytes of data:
Reply from 10.125.0.250: bytes=1450 time=19ms TTL=251
Reply from 10.125.0.250: bytes=1450 time=20ms TTL=251
Reply from 10.125.0.250: bytes=1450 time=19ms TTL=251
Reply from 10.125.0.250: bytes=1450 time=19ms TTL=251
Ping statistics for 10.125.0.250:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 20ms, Average = 19ms
C:\>ping 10.125.0.250 -f -l 1475
Pinging 10.125.0.250 with 1475 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 10.125.0.250:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping 10.125.0.250 -f -l 1470
Pinging 10.125.0.250 with 1470 bytes of data:
Reply from 10.125.0.250: bytes=1470 time=19ms TTL=251
Reply from 10.125.0.250: bytes=1470 time=22ms TTL=251
Reply from 10.125.0.250: bytes=1470 time=20ms TTL=251
Reply from 10.125.0.250: bytes=1470 time=19ms TTL=251
Ping statistics for 10.125.0.250:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 22ms, Average = 20ms
C:\>
1470 works and has a little bit of extra room. The tcp mss-adjust should be done on the LAN interface.
Hope it helps.

URGENT: MPLS P/ PE support on 7600/Sup720-BXL and 3750 Metro switch

I'm need to design a MPLS network for a Cable Operator.
They will start small with some Cisco CMTS doing MPLS-PE and needing only two devices to aggregate these PE and delivering Services (Internet connection, VoD, ...) , so they will need to work has P/PE.
For that I want to know if it's possible to:
1 - Use 3750 Metro and 7600/Sup720-BXL as P and PE
2 - Who many customers (L2VPN/VLANs and/or L3VPN/VRF) can they support?
Searching in CCO I found these values/features but, need URGENT to check:
1 - sup720-bxl supports P and PE but 3750 only PE?
2 - 3750 supports 1024 VLANs and 8,192 MPLS labels but no values on L3VPN/VRF?
SUP720 supports more than 1000 VRF?
Really need urgent HELP on this design/capabilities for these two devices.
Thanks in advance,
MP
Network Consultant - CCIE

before you even get anywhere close to the numbers of L2/L3 on a 7200 I would seriously consider asking what throughput you can get through a 7200 with MPLS, QOS, L3vpns and L2vpns configured. I have done this testing already but dont think it is appropriate to quote the figures publically.

GRE tunnel

Hi,
Can i use my WAN interface ip as the GRE tunnel source ip in my cisco router.
Is there any issue if i'am assigning a private ip to the GRE tunnel interface.

Hi,
Concept is very simple, GRE tunnels source and destination must be reachable via any means for GRE tunnels to work.
IP address on GRE tunnels can be unnumbered to other physical or loopback interface or can be configured with static (ip address i.i.i.i m.m.m.m.m). I prefer to use static /30 or /31 IP, make life easier to confirm GRE tunnels works by ping test to remote end IP.
Can use any valid IP (private or public - depends on requirement).

How to setup GRE tunnel on a 3005

Does the vpn3005 support GRE tunnels and how do I configure it? Reference paper will be fine.
Thanks
/Bent

Yes, VPN 3005 concentrator should support GRE tunnels. Here are some configuration examples for the same.
Configuring a GRE Tunnel over IPSec with OSPF
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml.
For more such examples please refer to:
http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

GRE Tunnel on Cisco 7600-SUP720

Similar Messages

Maybe you are looking for