Directing Traffic into the GRE Tunnel

You can direct traffic into a Generic Routing Encapsulation (GRE) tunnel by configuring a static route, which directs traffic to the IP address of the tunnel, or a firewall policy (session-based ACL), which redirects traffic to the specified tunnel ID. GRE is an IP encapsulation protocol that is used to transport packets over a network.

The following sections describe:

About Configuring Static Routes

You can configure a static route that specifies the IP address of a tunnel as the next-hop for traffic for a specific destination. See Configuring Static IP Routes for detailed information on how to configure a static route.

While redirecting traffic into a Layer-3 GRE tunnel via a static route, be sure to use the tunnel IP address of the controller as the next-hop, instead of providing the tunnel IP address of the destination controller.

Referring to , the following are examples of the required static route configurations to direct traffic into the IPv4 Layer-3 GRE tunnel for Controller-1 and Controller-2:

  • For the controller named Controller-1:

    (host) [mynode] (config) # ip route 20.20.202.0 255.255.255.0 1.1.1.1

  • For the controller named Controller-2:

    (host) [mynode] (config) # ip route 10.10.101.0 255.255.255.0 1.1.1.2
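The next-hop rule above is easy to get backwards, so a check over exported configuration is useful. The following is an added example, not part of the original documentation: it parses `ip route` lines in the form shown on this page and classifies each route by its next-hop. The function names, the status labels, the 20.20.203.0 subnet, and the assignment of 1.1.1.1 as Controller-1's own tunnel address (inferred from the two route examples) are assumptions.

```python
import ipaddress
import re

# Static-route form used on this page: ip route <destination> <netmask> <next-hop>
ROUTE_RE = re.compile(r"\bip route (\S+) (\S+) (\S+)\s*$")

# Constructed sample input for Controller-1. Tunnel addresses are assumed:
# local 1.1.1.1, peer 1.1.1.2. The second line is a deliberate mistake.
SAMPLE_CONFIG = """\
(host) [mynode] (config) # ip route 20.20.202.0 255.255.255.0 1.1.1.1
(host) [mynode] (config) # ip route 20.20.203.0 255.255.255.0 1.1.1.2
"""

def parse_routes(config_text):
    """Return (network, next_hop) pairs; malformed route lines raise ValueError."""
    routes = []
    for line in config_text.splitlines():
        m = ROUTE_RE.search(line)
        if m:
            dest, mask, hop = m.groups()
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"),
                           ipaddress.ip_address(hop)))
    return routes

def audit_tunnel_routes(config_text, local_tunnel_ip, peer_tunnel_ip, remote_subnets):
    """Classify the route to each remote subnet by its next-hop."""
    local = ipaddress.ip_address(local_tunnel_ip)
    peer = ipaddress.ip_address(peer_tunnel_ip)
    routes = parse_routes(config_text)
    findings = []
    for subnet in map(ipaddress.ip_network, remote_subnets):
        hops = [hop for net, hop in routes if net == subnet]
        if not hops:
            findings.append((str(subnet), "no-route"))
        for hop in hops:
            if hop == local:
                status = "ok"                # controller's own tunnel IP
            elif hop == peer:
                status = "peer-next-hop"     # the mistake the note warns about
            else:
                status = "other-next-hop"    # next-hop is neither tunnel address
            findings.append((str(subnet), status))
    return findings

if __name__ == "__main__":
    subnets = ["20.20.202.0/24", "20.20.203.0/24", "20.20.204.0/24"]
    for subnet, status in audit_tunnel_routes(SAMPLE_CONFIG, "1.1.1.1", "1.1.1.2", subnets):
        print(f"{subnet:18} {status}")
```

Run it per controller, swapping the local and peer tunnel addresses, so that each side's routes are checked against its own tunnel IP.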

Configuring a Firewall Policy Rule

Traffic redirected by a firewall policy rule is not forwarded to a tunnel that is “down” (see the next section, Directing Traffic into the GRE Tunnel, for more information on how GRE tunnel status is determined).

The following procedure directs traffic into a GRE tunnel via a firewall policy:

  1. On the Managed Network node hierarchy, navigate to the Configuration > Roles & Policies > Policies tab.
  2. Create a new firewall policy by clicking + below the Policies table. The Add Policy popup window appears.
  3. Enter the Policy Name.
  4. For Policy Type, specify Session (the default).
  5. Click Submit.
  6. Click Pending Changes.
  7. In the Pending Changes window, select the check box and click Deploy changes.
  8. To create a new policy rule for that policy, select the new policy in the Policies table, then scroll to the Add table (below the Policies table) section and click +.
    1. Select the Rule Type and click OK.
    2. Specify the IP Version.
    3. For Action, select Permit or Deny.
    4. Configure any additional settings.
  9. Click Submit.
  10. Click Pending Changes.
  11. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI command directs traffic into a GRE tunnel via a firewall policy (session-based ACL):

    (host) [mynode] (config) # ip access-list session <name>
    <source> <destination> <service> redirect tunnel <id>