Types of interfaces on both ends of the GRE tunnel for the USG6000

26

Interfaces on both ends of the GRE tunnel are tunnel interfaces, used to encapsulate and decapsulate packets. The physical interface used to transmit encapsulated packets is known as the tunnel source interface, and the peer interface used to receive the packets is known as the tunnel destination interface.

Other related questions:
Setting the intranets on both ends of the IPSec tunnel to be on the same subnet on the USG6000
You are advised not to set the intranets of the two ends of the IPSec tunnel to be on the same network segment.

GRE tunnel configuration on the USG6000
The USG6000 GRE scenarios are as follows: 1. Static route-based GRE tunnel The NGFW adopts the dynamic routing protocol. Intranet users can transmit data that is not supported by certain public network devices over the GRE tunnel. 2. OSPF-based GRE tunnel The NGFW adopts the OSPF routing protocol. Intranet users can transmit data that is not supported by certain public network devices over the GRE tunnel. For specific scenarios and configuration cases, click Configuring a Static Route-based GRE Tunnel.

What is the function of the tunnel interface (GRE interface)
The tunnel interface (GRE interface) encapsulates and decapsulates data packets using GRE. The tunnel interface that sends encapsulated packets is called the tunnel source interface, and the one that receives these packets on the peer end is called the tunnel destination interface. Generally, the local WAN interface is used as the tunnel source interface, and the peer WAN interface is used as the tunnel destination interface.

Can the intranets on both ends of the IPSec tunnel be on the same subnet
No. If the two networks are on the same subnet, the local gateway considers a packet destined to the remote network as a packet exchanged within the local network. Therefore, the local gateway does not forward the packet to the remote network through the IPSec tunnel. NOTE: If a headquarters establishes IPSec tunnels with multiple branch offices, the headquarters network and the branch networks cannot be on the same subnet, and the branch networks cannot be on the same subnet, either.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top