D-Link DFL-800 Product Manual - Page 104
GRE Security and Performance, Setting Up GRE, IP Address, Remote Network, Remote Endpoint - ipv6
UPC - 790069282133
View all D-Link DFL-800 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 104 highlights
3.3.5. GRE Tunnels Chapter 3. Fundamentals • Tunneling IPv6 traffic across an IPv4 network. • Where a UDP data stream is to be multicast and it is necessary to transit through a network device which does not support multicasting. GRE allows tunneling though the network device. GRE Security and Performance A GRE tunnel does not use any encryption for the communication and is therefore not, in itself, secure. Any security must come from the protocol being tunneled. The advantage of GRE's lack of encryption is the high performance which is achievable because of the low traffic processing overhead. The lack of encryption can be acceptable in some circumstances if the tunneling is done across an internal network that is not public. Setting Up GRE Like other tunnels in NetDefendOS such as an IPsec tunnel, a GRE Tunnel is treated as a logical interface by NetDefendOS, with the same filtering, traffic shaping and configuration capabilities as a standard interface. The GRE options are: • IP Address This is the IP address of the inside of the tunnel on the local side. This cannot be left blank and must be given a value. The specified IP address is then used for the following: i. An ICMP Ping can be sent to this tunnel endpoint. ii. Log messages related to the tunnel will be generated with this IP address as the source. iii. If NAT is being used then it will not be necessary to set the source IP on the IP rule that performs NAT on traffic going through the tunnel. This IP address will be used as the source address for NAT. • Remote Network The remote network which the GRE tunnel will connect with. • Remote Endpoint This is the IP address of the remote device which the tunnel will connect with. • Use Session Key A unique number can optionally be specified for the tunnel. This allows more than one GRE tunnel to run between the same two endpoints. The Session Key value is used to distinguish between them. • Additional Encapsulation Checksum The GRE protocol allows for an additional checksum over and above the IPv4 checksum. This provides an extra check of data integrity. The Advanced settings for a GRE interface are: • Automatically add route for remote network - This option would normally be checked in order that the routing table is automatically updated. The alternative is to manually create the required route. 104