Lab – Configuring a Point-to-Point GRE VPN Tunnel

Topology

Addressing Table
Device Interface IP Address Subnet Mask Default Gateway

G0/1 172.16.1.1 255.255.255.0 N/A

WEST S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A

Tunnel0 172.16.12.1 255.255.255.252 N/A

S0/0/0 10.1.1.2 255.255.255.252 N/A

ISP
S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A

G0/1 172.16.2.1 255.255.255.0 N/A

EAST S0/0/1 10.2.2.1 255.255.255.252 N/A

Tunnel0 172.16.12.2 255.255.255.252 N/A

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

PC-A NIC 172.16.1.3 255.255.255.0 172.16.1.1

PC-C NIC 172.16.2.3 255.255.255.0 172.16.2.1

Objectives
Part 1: Configure Basic Device Settings
Part 2: Configure a GRE Tunnel
Part 3: Enable Routing over the GRE Tunnel

Background / Scenario
Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a variety of network layer
protocols between two locations over a public network, such as the Internet.
GRE can be used with:
- Connecting IPv6 networks over IPv4 networks
- Multicast packets, such as OSPF, EIGRP, and streaming applications
In this lab, you will configure an unencrypted point-to-point GRE VPN tunnel and verify that network traffic is
using the tunnel. You will also configure the OSPF routing protocol inside the GRE VPN tunnel. The GRE
tunnel is between the WEST and EAST routers in OSPF area 0. The ISP has no knowledge of the GRE
tunnel. Communication between the WEST and EAST routers and the ISP is accomplished using default
static routes.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.

Required Resources
• 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• 2 PCs (Windows with terminal emulation program, such as Tera Term)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology

Part 1: Configure Basic Device Settings

In Part 1, you will set up the network topology and configure basic router settings, such as the interface IP
addresses, routing, device access, and passwords.

Step 1: Cable the network as shown in the topology.

Step 2: Initialize and reload the routers and switches.

Step 3: Configure basic settings for each router.

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

a. Disable DNS lookup.

b. Configure the device names.
c. Encrypt plain text passwords.
d. Create a message of the day (MOTD) banner warning users that unauthorized access is prohibited.
e. Assign class as the encrypted privileged EXEC mode password.
f. Assign cisco as the console and vty password and enable login.
g. Set console logging to synchronous mode.
h. Apply IP addresses to Serial and Gigabit Ethernet interfaces according to the Addressing Table and
activate the physical interfaces. Do NOT configure the Tunnel0 interfaces at this time.
i. Set the clock rate to 128000 for DCE serial interfaces.

Step 4: Configure default routes to the ISP router.

WEST(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2

EAST(config)# ip route 0.0.0.0 0.0.0.0 10.2.2.2

Step 5: Configure the PCs.

Assign IP addresses and default gateways to the PCs according to the Addressing Table.

Step 6: Verify connectivity.

At this point, the PCs are unable to ping each other. Each PC should be able to ping its default gateway. The
routers are able to ping the serial interfaces of the other routers in the topology. If not, troubleshoot until you
can verify connectivity.

Step 7: Save your running configuration. Part

2: Configure a GRE Tunnel

In Part 2, you will configure a GRE tunnel between the WEST and EAST routers.
Step 1: Configure the GRE tunnel interface.
a. Configure the tunnel interface on the WEST router. Use S0/0/0 on WEST as the tunnel source interface
and 10.2.2.1 as the tunnel destination on the EAST router.
WEST(config)# interface tunnel 0
WEST(config-if)# ip address 172.16.12.1 255.255.255.252
WEST(config-if)# tunnel source s0/0/0
WEST(config-if)# tunnel destination 10.2.2.1
b. Configure the tunnel interface on the EAST router. Use S0/0/1 on EAST as the tunnel source interface
and 10.1.1.1 as the tunnel destination on the WEST router.
EAST(config)# interface tunnel 0
EAST(config-if)# ip address 172.16.12.2 255.255.255.252
EAST(config-if)# tunnel source 10.2.2.1
EAST(config-if)# tunnel destination 10.1.1.1

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

Note: For the tunnel source command, either the interface name or the IP address can be used as the
source.

Step 2: Verify that the GRE tunnel is functional.

a. Verify the status of the tunnel interface on the WEST and EAST routers.
WEST# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 172.16.1.1 YES manual up up
Serial0/0/0 10.1.1.1 YES manual up up
Serial0/0/1 unassigned YES unset administratively down down
Tunnel0 172.16.12.1 YES manual up up

EAST# show ip interface brief

Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 172.16.2.1 YES manual up up
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 10.2.2.1 YES manual up up
Tunnel0 172.16.12.2 YES manual up up

b. Issue the show interfaces tunnel 0 command to verify the tunneling protocol, tunnel source, and tunnel
destination used in this tunnel.
What is the tunneling protocol used? What are the tunnel source and destination IP addresses associated
with GRE tunnel on each router?

The tunneling protocol used is GRE. For the WEST router, the tunnel source is 10.1.1.1 (Serial0/0/0),
and the destination is 10.2.2.1. For the EAST router, the tunnel source is 10.2.2.1 and the destination
is 10.1.1.1.

WEST#
show interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 172.16.12.1/30
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.1.1.1 (Serial0/0/0), destination 10.2.2.1
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with Serial0/0/0
Set of tunnels with source Serial0/0/0, 1 member (includes
iterators), on
interface <OK>

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

Tunnel protocol/transport GRE/IP

Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:12, output 00:00:12, output hang never
Last clearing of "show interface" counters 00:01:29
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5 packets input, 620 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
5 packets output, 620 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

EAST# show interfaces tunnel 0

Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 172.16.12.2/30
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.2.2.1, destination 10.1.1.1
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with Serial0/0/1
Set of tunnels with source Serial0/0/1, 1 member (includes
iterators), on
interface <OK>
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:01:28, output 00:01:28, output hang never
Last clearing of "show interface" counters 00:02:50
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5 packets input, 620 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

5 packets output, 620 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

c. Ping across the tunnel from the WEST router to the EAST router using the IP address of the tunnel
interface.
WEST# ping 172.16.12.2
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to
172.16.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms

d. Use the traceroute command on the WEST to determine the path to the tunnel interface on the EAST
router. What is the path to the EAST router?
172.162.12.1 > 172.16.12.2

WEST# traceroute 172.16.12.2

Type escape sequence to abort.
Tracing the route to 172.16.12.2
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.12.220 msec 20 msec *

e. Ping and trace the route across the tunnel from the EAST router to the WEST router using the IP address
of the tunnel interface.
What is the path to the WEST router from the EAST router?
172.16.12.2 > 172.16.12.1
With which interfaces are these IP addresses associated? Explain.
The tunnel 0 interfaces on both WEST and EAST routers. The traffic is using the tunnel.

f. The ping and traceroute commands should be successful. If not, troubleshoot before continuing to the
next part.

Part 3: Enable Routing over the GRE Tunnel

In Part 3, you will configure OSPF routing so that the LANs on the WEST and EAST routers can communicate
using the GRE tunnel.
After the GRE tunnel is set up, the routing protocol can be implemented. For GRE tunneling, a network
statement will include the IP network of the tunnel, instead of the network associated with the serial interface.

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

just like you would with other interfaces, such as Serial and Ethernet. Remember that the ISP router is not
participating in this routing process.

Step 1: Configure OSPF routing for area 0 over the tunnel.

a. Configure OSPF process ID 1 using area 0 on the WEST router for the 172.16.1.0/24 and 172.16.12.0/24
networks.
WEST(config)# router ospf 1
WEST(config-router)# network 172.16.1.0 0.0.0.255 area 0
WEST(config-router)# network 172.16.12.0 0.0.0.3 area 0
b. Configure OSPF process ID 1 using area 0 on the EAST router for the 172.16.2.0/24 and 172.16.12.0/24
networks.
EAST(config)# router ospf 1
EAST(config-router)# network 172.16.2.0 0.0.0.255 area 0
EAST(config-router)# network 172.16.12.0 0.0.0.3 area 0

Step 2: Verify OSPF routing.

a. From the WEST router, issue the show ip route command to verify the route to 172.16.2.0/24 LAN on the
EAST router.
WEST# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.1.1.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.1.1.2

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C
10.1.1.0/30 is directly connected, Serial0/0/0
L 10.1.1.1/32 is directly connected, Serial0/0/0
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
C 172.16.1.0/24 is directly connected, GigabitEthernet0/1
L 172.16.1.1/32 is directly connected, GigabitEthernet0/1
O 172.16.2.0/24 [110/1001] via 172.16.12.2, 00:00:07, Tunnel0
C 172.16.12.0/30 is directly connected, Tunnel0
L 172.16.12.1/32 is directly connected, Tunnel0

What is the exit interface and IP address to reach the 172.16.2.0/24 network?

The tunnel 0 interface with an IP address of 172.16.12.2 is used to reach 172.16.2.0/24.

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 7 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

b. From the EAST router issue the command to verify the route to 172.16.1.0/24 LAN on the WEST router.
What is the exit interface and IP address to reach the 172.16.1.0/24 network?

The tunnel 0 interface with an IP address of 172.16.12.1 is used to reach 172.16.1.0/24.

EAST#show ip route
Codes: L -local, C -connected, S -static, R -RIP, M -mobile, B -BGP
D -EIGRP, EX -EIGRP external, O -OSPF, IA -OSPF inter area
N1 -OSPF NSSA external type 1, N2 -OSPF NSSA external type 2
E1 -OSPF external type 1, E2 -OSPF external type 2
i -IS-IS, su -IS-IS summary, L1 -IS-IS level-1, L2 -IS-IS level-2
ia -IS-IS inter area, * -candidate default, U -per-user static route
o -ODR, P -periodic downloaded static route, H -NHRP, l -LISP
+ -replicated route, % -next hop override

Gateway of last resort is 10.2.

2.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.2.2.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.2.2.0/30 is directly connected, Serial0/0/1
L 10.2.2.1/32 is directly connected, Serial0/0/1
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
O 172.16.1.0/24 [110/1001] via 172.16.12.1, 00:02:44, Tunnel0
C 172.16.2.0/24 is directly connected, GigabitEthernet0/1
L 172.16.2.1/32 is directly connected, GigabitEthernet0/1
C 172.16.12.0/30 is directly connected, Tunnel0
L 172.16.12.2/32 is directly connected, Tunnel0

Step 3: Verify end-to-end connectivity.

a. Ping from PC-A to PC-C. It should be successful. If not, troubleshoot until you have end-to-end
connectivity.
Note: It may be necessary to disable the PC firewall to ping between PCs.
b. Traceroute from PC-A to PC-C. What is the path from PC-A to PC-C?
c.
172.16.1.1 > 172.16.12.2 (Tunnel interface on the EAST router)> 172.16.2.3

Reflection
1. What other configurations are needed to create a secured GRE tunnel?

IPsec can be configured to encrypt the data for a secured GRE tunnel.

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 8 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

2. If you added more LANs to the WEST or EAST router, what would you need to do so that the network will use
the GRE tunnel for traffic?
The new networks would need to be added to the same routing protocols as the tunnel interface.

Router Interface Summary Table

Router Interface Summary

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2

1800 Fast Ethernet 0/0 Fast Ethernet 0/1 Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
(F0/0) (F0/1)

1900 Gigabit Ethernet 0/0 Gigabit Ethernet 0/1 Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
(G0/0) (G0/1)

2801 Fast Ethernet 0/0 Fast Ethernet 0/1 Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
(F0/0) (F0/1)

2811 Fast Ethernet 0/0 Fast Ethernet 0/1 Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
(F0/0) (F0/1)

2900 Gigabit Ethernet 0/0 Gigabit Ethernet 0/1 Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
(G0/0) (G0/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Device Con
figs
Router
WEST
WEST
# show run
Building configuration...
Current configuration : 1798 bytes
!
version 15.2
service timestamps debug
datetime msec
service timestamps log datetime msec
service password
-
encryption
!
hostname WEST

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 9 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

!
boot
-
start
-
marker
boot
-
end
-
marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new
-
model
memory
-
size iomem 15
!
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
interface Tunnel0
ip address 172.16.12.1 255.255.255.252
tunnel source Serial0/0/0
tunnel destination 10.2.2.1
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.16.1.1 255.255.255.0

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 10 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

duplex auto

speed auto
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
clock rat
e 128000
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 1
network 172.16.1.0 0.0.0.255 area 0
network 172.16.12.0 0.0.0.3 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
!
!
!
control-plane
!
!
banner motd ^C
Unauthorized Access Prohibited.
^C
!
line con 0
password 7 14141B180F0B
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport
output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 05080F1C2243
login
transport input all
!
scheduler allocate 20000 1000

!
end
Router

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 11 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

ISP
ISP#
show run
Building configuration...
Current configuration : 1406 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password
-
encryption
!
hostname ISP
!
boot
-
start
-
marker
boot
-
end
-
marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new
-
model
memory
-
size iomem 15
!
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle
-
name authenticated
!
!
!
!
!
!
redundancy
!
!
!

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 12 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

!
!
!
!
!
!
!
!
!
!
!
interface Embedded
-
Service
-
Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
!
interface Serial0/0/1
ip address 10.2.2.2 255.255.255.252
clock rate 128000
!
ip forward
-
protocol nd
!
no ip http server
no ip http secure
-
server
!
!
!
!
!
control
-
plane
!
!
banner motd ^C
Unauthorized Access Prohibited.
^C

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 13 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

!
line con 0
password 7 02050D480809
Lab
–
Configuring a Point
-
to
-
Point GRE VPN Tunnel
©
2013
Cisco
and/or its affiliates
. All rights reserved. This document is Cisco Public.
Page
14
of
16
logging synchronous
login
line aux 0
line 2
no
activation
-
character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb
-
ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 045802150C2E
login
transport input all
!
scheduler allocate 20000 1000
!
e
nd
Router
EAST
EAST# show run
Building configuration...
Current configuration : 1802 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password
-
encryption
!
hostname EAST
!
boot
-

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 14 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

start
-
marker
boot
-
end
-
ma
rker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new
-
model
memory
-
size iomem 15
!
ip cef
!
!
!
!
!
!
!
Lab
–
Configuring a Point
-
to
-
Point GRE VPN Tunnel
©
2013
Cisco
and/or its affiliates
. All rights reserved. This document is Cisco Public.
Page
15
of
16
no ip domain lookup
no ipv6 cef
!
multilink bundle
-
name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 15 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

!
!
!
!
!
!
!
!
!
interface Tunnel0
ip address 172.16.12.2 255.255.255.252
tunnel source
10.2.2.1
tunnel destination 10.1.1.1
!
interface Embedded
-
Service
-
Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.16.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
Lab
–
Configuring a Point
-
to
-
Point GRE VPN Tunnel
©
2013
Cisco
and/or its affiliates
. All rights reserved. This document is Cisco Public.
Page
16
of
16
interface Serial0/0/1
ip address 10.2.2.1 255.255.255.252
!
router ospf 1
network
172.16.2.0 0.0.0.255 area 0

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 16 of 17
Lab – Configuring a Point-to-Point GRE VPN Tunnel

network 172.16.12.0 0.0.0.3 area 0

!
ip forward
-
protocol nd
!
no ip http server
no ip http secure
-
server
!
ip route 0.0.0.0 0.0.0.0 10.2.2.2
!
!
!
!
control
-
plane
!
!
banner motd ^C
Unauthorized Access Prohibited.
^C
!
line co
n 0
password 7 00071A150754
logging synchronous
login
line aux 0
line 2
no activation
-
character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb
-
ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password
7 030752180500
login
transport input all
!
scheduler allocate 20000 1000
!
end

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 17 of 17