F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
22
2BConfiguring a point-to-multipoint GRE tunnel
The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices.
18B
Feature and hardware compatibility
Hardware P2MP GRE tunnel com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A Yes
U200-S No
19B
Overview
Figure 17 P2MP GRE tunnel application scenario
A traditional GRE tunnel is a point to point connection. To use traditional GRE tunnels on an enterprise
network as shown in
678HFigure 17, you need to configure a P2P GRE tunnel between the headquarters and
each branch. When an enterprise has plenty of branches, the configuration workload is huge and,
adding new branches requires additional configurations on the headquarters node, burdening network
administrators. If branches dial in to the network through ADSL, the configurations on the headquarters
node is even complicated due to the indetermination of the public network addresses of the branches.
Dynamic VPN technologies such as DVPN can solve the problem because they support dynamic learning
of the mappings of public network addresses and private network addresses and thereby can
dynamically establish tunnels between the headquarters and the branches and between the branches.
However, there is no unified standard for implementation of dynamic VPN. As a result, vendors use their
proprietary protocols to implement dynamic VPN, making it difficult for devices of different vendors to
cooperate.