In this example, I will show you just how simple it is to build a GRE tunnel. In this case, I have 2 VDOMs (root and custA). We will source the GRE tunnels using the vdom-interlinks between the two.
With the Fortinet method, you define the GRE tunnel under config system gre-tunnel, and then you can modify the parameters of this interface under config system interface.
Now here are the cfgs.
And a simple ping across the output interface and capture.
I've toggled the data pattern with 0101 using the execute ping-options.
Takeaway points:
1: GRE has overhead, so a 1500-byte MTU will not fit over this link
2: treat the actual GRE interface like a point-to-point link (no ARP)
3: ensure that the GRE endpoints are reachable
4: you can enable any allowaccess methods such as ping, ssh, https, http
5: be aware of any trusthosts settings
6: no firewall policy is needed for packets sourced from the firewall for GRE
Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( * * )=
o
/ \