D-Link DFL-1660 User Manual page 96
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (595 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
3.3.5. GRE Tunnels
Like other tunnels in NetDefendOS such as an IPsec tunnel, a GRE Tunnel is treated as a logical
interface by NetDefendOS, with the same filtering, traffic shaping and configuration capabilities as
a standard interface. The GRE options are:
•
IP Address - This is the IP address of the sending interface. This is optional and can be left
blank. If it is left blank then the sending IP address will default to the local host address of
127.0.0.1.
•
Remote Network - The remote network which the GRE tunnel will connect with.
•
Remote Endpoint - This is the IP address of the remote device which the tunnel will connect
with.
•
Use Session Key - A unique number can optionally be specified for the tunnel. This allows more
than one GRE tunnel to run between the same two endpoints. The Session Key value is used to
distinguish between them.
•
Additional Encapsulation Checksum - The GRE protocol allows for an additional checksum
over and above the IPv4 checksum. This provides an extra check of data integrity.
The Advanced settings for a GRE interface are:
•
Automatically add route for remote network - This option would normally be checked in
order that the routing table is automatically updated. The alternative is to manually create the
required route.
•
Address to use as source IP - It is possible to specify a particular IP address as the source
interface IP for the tunnel.
GRE and the IP Rule Set
An established GRE tunnel does not automatically mean that all traffic coming from or to that GRE
tunnel is trusted. On the contrary, network traffic coming from the GRE tunnel will be transferred to
the NetDefendOS IP rule set for evaluation. The source interface of the network traffic will be the
name of the associated GRE Tunnel. The same is true for traffic in the opposite direction, that is,
going into a GRE tunnel. Furthermore a Route has to be defined so NetDefendOS knows what IP
addresses should be accepted and sent through the tunnel.
An Example GRE Scenario
96
Chapter 3. Fundamentals
Advertisement
Table of Contents
Troubleshooting
