Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
2
GRE over IPv6—The transport protocol is IPv6, and the passenger protocol is any network layer
protocol.
In the Web interface, you can configure only GRE over IPv4 tunnels.
93BGRE encapsulation and de-encapsulation
The following sections uses 666HFigure 3 to describe how an X protocol packet traverses an IP network
through a GRE tunnel.
Figure 3 X protocol networks interconnected through a GRE tunnel
322BEncapsulation process
1. After receiving an X protocol packet from the interface connected to Group 1, Device A submits it
to the X protocol for processing.
2. The X protocol checks the destination address field in the packet header to determine how to route
the packet.
3. If the packet must be tunneled to reach its destination, Device A sends the packet to the GRE tunnel
interface.
4. Upon receiving the packet, the tunnel interface encapsulates the packet with GRE and then with IP.
5. Device A looks up the routing table according to the destination address in the IP header and
forwards the IP packet.
323BDe-encapsulation process
De-encapsulation is the reverse of the encapsulation process:
1. Upon receiving an IP packet from the tunnel interface, Device B checks the destination address.
2. If the destination is itself and the protocol number in the IP header is 47 (the protocol number for
GRE), Device B removes the IP header of the packet and submits the resulting packet to GRE for
processing (such as checking the GRE key, checksum, and sequence number in the packet).
3. After GRE finishes the processing, Device B removes the GRE header and submits the payload to
the X protocol for forwarding.
NOTE:
GRE encapsulation and de-encapsulation can decrease the forwarding efficiency of tunnel-end devices.
94BGRE security features
GRE supports the following security features to ensure GRE tunnel security:
GRE key—Ensures packet validity. The sender adds a GRE key into a packet. The receiver compares
the GRE key with its own GRE key. If the two keys are the same, the receiver accepts the packet.
Otherwise, it drops the packet.
GRE checksum—Ensures packet integrity. The sender calculates a checksum for the GRE header
and payload and sends the packet containing the checksum to the tunnel peer. The receiver