D-Link NetDefend DFL-210 User Manual page 98

Network security firewall ver 2.26.01

3.3.5. GRE Tunnels
overhead. The lack of encryption can be acceptable in some circumstances if the tunneling is done
across an internal network that is not public.
Setting Up GRE
Like other tunnels in NetDefendOS such as an IPsec tunnel, a GRE Tunnel is treated as a logical
interface by NetDefendOS, with the same filtering, traffic shaping and configuration capabilities as
a standard interface. The GRE options are:
IP Address - This is the IP address of the sending interface. This is optional and can be left
blank. If it is left blank then the sending IP address will default to the local host address of
127.0.0.1.
Remote Network - The remote network which the GRE tunnel will connect with.
Remote Endpoint - This is the IP address of the remote device which the tunnel will connect
with.
Use Session Key - A unique number can optionally be specified for the tunnel. This allows more
than one GRE tunnel to run between the same two endpoints. The Session Key value is used to
distinguish between them.
Additional Encapsulation Checksum - The GRE protocol allows for an additional checksum
over and above the IPv4 checksum. This provides an extra check of data integrity.
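The following Python sketch is an added example, not taken from the manual or from NetDefendOS. It assumes that the Session Key and Additional Encapsulation Checksum options correspond to the standard GRE Key and Checksum fields (RFC 2784 and RFC 2890), and the tunnel names are hypothetical. The checksum detects accidental corruption only; it is not keyed, so it does not authenticate the sender.

```python
import struct

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum / key / sequence present

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (same algorithm as IPv4)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_gre(payload: bytes, key=None, checksum=False, proto=0x0800) -> bytes:
    """Build a GRE packet; key and checksum are the optional fields."""
    flags = (GRE_C if checksum else 0) | (GRE_K if key is not None else 0)
    hdr = struct.pack("!HH", flags, proto)
    if checksum:
        hdr += b"\x00" * 4          # checksum (zero while summing) + reserved
    if key is not None:
        hdr += struct.pack("!I", key)
    pkt = bytearray(hdr + payload)
    if checksum:
        struct.pack_into("!H", pkt, 4, inet_checksum(bytes(pkt)))
    return bytes(pkt)

def parse_gre(pkt: bytes) -> dict:
    """Parse a GRE header; checksum_ok is None when no checksum is carried."""
    if len(pkt) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", pkt, 0)
    if flags & 0x0007:
        raise ValueError("not GRE version 0")
    need = 4 + 4 * sum(bool(flags & b) for b in (GRE_C, GRE_K, GRE_S))
    if len(pkt) < need:
        raise ValueError("truncated GRE optional fields")
    off, key, ok = 4, None, None
    if flags & GRE_C:
        ok = inet_checksum(pkt) == 0    # sum covers GRE header and payload
        off += 4
    if flags & GRE_K:
        (key,) = struct.unpack_from("!I", pkt, off)
        off += 4
    if flags & GRE_S:
        off += 4                        # skip sequence number
    return {"proto": proto, "key": key, "checksum_ok": ok, "payload": pkt[off:]}

# Constructed sample: two tunnels between the same endpoints, told apart by key.
TUNNELS = {1: "gre_branch_a", 2: "gre_branch_b"}  # hypothetical interface names
def tunnel_for(pkt: bytes):
    info = parse_gre(pkt)
    return TUNNELS.get(info["key"]) if info["checksum_ok"] is not False else None
```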
The Advanced settings for a GRE interface are:
Automatically add route for remote network - This option would normally be checked in
order that the routing table is automatically updated. The alternative is to manually create the
required route.
Address to use as source IP - It is possible to specify a particular IP address as the source
interface IP for the GRE tunnel. The tunnel setup will appear to be initiated by this IP address
instead of the IP address of the interface that actually sets up the tunnel.
This might be done if, for example, you are using ARP publishing and want the tunnel to be
set up by an ARP published IP address.
GRE and the IP Rule Set
An established GRE tunnel does not automatically mean that all traffic coming from or to that GRE
tunnel is trusted. On the contrary, network traffic coming from the GRE tunnel will be transferred to
the NetDefendOS IP rule set for evaluation. The source interface of the network traffic will be the
name of the associated GRE Tunnel. The same is true for traffic in the opposite direction, that is,
going into a GRE tunnel. Furthermore, a Route has to be defined so that NetDefendOS knows which IP
addresses should be accepted and sent through the tunnel.
An Example GRE Scenario
Chapter 3. Fundamentals