HP VPN Firewall Appliances VPN Configuration Guide
Configuring a point-to-multipoint GRE tunnel
The term "router" in this document refers to both routers and routing-capable firewalls and firewall
modules.
Overview
Figure 17 P2MP GRE tunnel application scenario
A traditional GRE tunnel is a point-to-point connection. To use traditional GRE tunnels on an enterprise
network as shown in Figure 17, you need to configure a P2P GRE tunnel between the headquarters and
each branch. When an enterprise has many branches, the configuration workload is huge, and
adding new branches requires additional configuration on the headquarters node, burdening network
administrators. If branches dial in to the network through ADSL, the configuration on the headquarters
node is even more complicated because the public network addresses of the branches are indeterminate.
Dynamic VPN technologies such as DVPN can solve the problem because they support dynamic learning
of the mappings between public network addresses and private network addresses and can therefore
dynamically establish tunnels between the headquarters and the branches and between the branches.
However, there is no unified standard for implementing dynamic VPN. As a result, vendors use their
proprietary protocols to implement dynamic VPN, making it difficult for devices of different vendors to
cooperate.
The point-to-multipoint (P2MP) GRE tunnel technology solves this problem. It is well suited to
enterprise networks with many branches. In a P2MP GRE tunnel application, you only need to configure
the tunnel interface on the headquarters node to operate in P2MP GRE tunnel mode and the tunnel
interface on each branch node to operate in traditional P2P GRE tunnel mode. A GRE tunnel is then
established dynamically between the headquarters and each branch.
How a P2MP GRE tunnel operates
The encapsulation and de-encapsulation of P2MP GRE tunnel packets are the same as those of P2P GRE
tunnel packets. For more information, see "Configuring GRE."