D-Link DFL-260E User Manual for DFL-260E - Page 122
GRE and the IP Rule Set, An Example GRE Scenario, 4.5. GRE Tunnels
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 122 highlights
3.4.5. GRE Tunnels Chapter 3. Fundamentals between them. • Additional Encapsulation Checksum The GRE protocol allows for an additional checksum over and above the IPv4 checksum. This provides an extra check of data integrity. The Advanced settings for a GRE interface are: • Automatically add route for remote network - This option would normally be checked in order that the routing table is automatically updated. The alternative is to manually create the required route. • Address to use as source IP - It is possible to specify a particular IP address as the source interface IP for the GRE tunnel. The tunnel setup will appear to be initiated by this IP address instead of the IPv4 address of the interface that actually sets up the tunnel. This might be done if, for example, if ARP publishing is being used and the tunnel is to be setup using an ARP published IP address. GRE and the IP Rule Set An established GRE tunnel does not automatically mean that all traffic coming from or to that GRE tunnel is trusted. On the contrary, network traffic coming from the GRE tunnel will be transferred to the NetDefendOS IP rule set for evaluation. The source interface of the network traffic will be the name of the associated GRE Tunnel. The same is true for traffic in the opposite direction, that is, going into a GRE tunnel. Furthermore a Route has to be defined so NetDefendOS knows what IP addresses should be accepted and sent through the tunnel. An Example GRE Scenario The diagram above shows a typical GRE scenario, where two NetDefend Firewalls A and B must communicate with each other through the intervening internal network 172.16.0.0/16. Any traffic passing between A and B is tunneled through the intervening network using a GRE tunnel and since the network is internal and not public there is no need for encryption. 122