Virtual Private Networking
151
GRE
The GRE configuration of the CyberGuard SG appliance allows you to build GRE tunnels
to other devices that support the Generic Routing Encapsulating protocol. You can build
GRE tunnels to other CyberGuard SG appliances that support GRE, or to other devices
such as Cisco equipment.
GRE tunnels are useful for redistributing IPv6 or broadcast and multicast traffic across a
VPN connection. It is also useful for carrying unsupported protocols such as IPX or
Appletalk between remote IP networks.
Warning
GRE tunnels are not secure unless they are run over another secure protocol. Using a
GRE tunnel that runs over the Internet, it is possible for an attacker to put packets onto
your network. If you want a tunneling mechanism to securely connect to networks, then
you should use IPSec, or tunnel GRE over either IPSec or PPTP tunnels.
An example setup that describes using GRE to bridge a network over an IPSec tunnel is
described in GRE over IPSec.
Setting up a GRE tunnel
In this example we will connect two office networks using a GRE tunnel between two
CyberGuard SG appliances. One is located in Brisbane, the other in Slough. The two
networks have the following configuration:
CyberGuard SG appliance in Brisbane
Internet address:
203.23.45.6
LAN address:
192.168.1.1
LAN:
192.168.1.0 / 255.255.255.0
CyberGuard SG appliance in Slough
Internet address:
195.45.67.8
LAN address:
10.1.0.1
LAN:
10.1.0.0 / 255.255.0.0