R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)

301

Constructing VPN

Figure 124 Network diagram

As shown in Figure 124, Site 1 and Site 2 both belong to VPN 1 and are located in different cities. Using

a GRE tunnel can connect the two VPN sites across the WAN.

Operating with IPsec

Figure 125 Network diagram

As shown in Figure 125, GRE can be used together with IPsec to form a GRE over IPsec tunnel. Packets

(for example, routing protocol packets, voice data, and video data) are first encapsulated with GRE and

then with IPsec. GRE over IPsec delivers the following benefits:

• Improves transmission security.

• Allows IPsec to protect not only unicast packets. GRE supports encapsulating multicast, broadcast,

and non-IP packets. After GRE encapsulation, these packets become common unicast packets,

which can be protected by IPsec.

• Simplifies IPsec configuration. Packets are first encapsulated by GRE. You can define the packets to

be protected by IPsec according to the GRE tunnel's source and destination addresses, without

considering the source and destination addresses of the original packets.

GRE and IPsec can also form IPsec over GRE tunnels. HP recommends that you use GRE over IPsec tunnels

instead of IPsec over GRE tunnels.

For more information about IPsec, see Security Configuration Guide.

Protocols and standards

• RFC 1701, Generic Routing Encapsulation (GRE)

• RFC 1702, Generic Routing Encapsulation over IPv4 networks

• RFC 2784, Generic Routing Encapsulation (GRE)