Friday, May 9, 2008

Configuring Router-to-Router IPsec (Pre-shared Keys) on GRE Tunnel with IOS Firewall and NAT - Cisco Systems


This document illustrates a basic Cisco IOS Firewall configuration with Network Address Translation (NAT). This configuration allows traffic to be initiated from inside the 10.1.1.x and 172.16.1.x networks to the Internet, with NAT applied along the way. A generic routing encapsulation (GRE) tunnel is added to tunnel IP and IPX traffic between two private networks. When a packet that is to be sent down the tunnel arrives at the outbound interface of the router, it is first encapsulated using GRE and then encrypted with IPsec. In other words, any traffic permitted to enter the GRE tunnel is also encrypted by IPsec.
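The following sketch of one router's side shows how the pieces described above fit together. It is an added example, not the configuration from the Cisco document. The public addresses, interface names, ACL numbers, tunnel subnet, algorithm choices, and the assumption that 10.1.1.0/24 is local and 172.16.1.0/24 is behind the peer are all constructed for illustration.

```cisco
! Constructed example: local outside 198.51.100.1, peer outside 203.0.113.2.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Placeholder: the same pre-shared key must be configured on the peer.
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.2
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
!
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set GRE-TS
 match address 110
!
! IOS Firewall: inspect sessions initiated from the inside network.
ip inspect name FW tcp
ip inspect name FW udp
!
interface Tunnel0
 ip address 192.168.100.1 255.255.255.252
 tunnel source FastEthernet0/1
 tunnel destination 203.0.113.2
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip inspect FW in
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip access-group 101 in
 ip nat outside
 crypto map GRE-MAP
!
! Private-to-private traffic is routed into the tunnel. Tunnel0 is not a
! NAT outside interface, so this traffic is not translated.
ip route 172.16.1.0 255.255.255.0 Tunnel0
! Internet-bound traffic from the inside network is translated (PAT).
ip nat inside source list 10 interface FastEthernet0/1 overload
access-list 10 permit 10.1.1.0 0.0.0.255
! Inbound filter: IKE and ESP from the peer only. GRE is also permitted
! because some IOS releases re-check the decrypted packet against this ACL.
access-list 101 permit udp host 203.0.113.2 host 198.51.100.1 eq isakmp
access-list 101 permit esp host 203.0.113.2 host 198.51.100.1
access-list 101 permit gre host 203.0.113.2 host 198.51.100.1
! Crypto ACL: match the GRE packets between the tunnel endpoints, so
! everything that enters the tunnel is encrypted.
access-list 110 permit gre host 198.51.100.1 host 203.0.113.2
```

The peer router mirrors this with the addresses swapped, including the crypto ACL. If the two crypto ACLs are not mirror images of each other, the IPsec security associations will not establish.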

In order to configure the GRE Tunnel over IPsec with Open Shortest Path First (OSPF), refer to Configuring a GRE Tunnel over IPSec with OSPF.

In order to configure a hub and spoke IPsec design between three routers, refer to Configuring IPsec Router-to-Router Hub and Spoke with Communication Between the Spokes.
