Got it
Huawei Enterprise Support Community

can the USG6000 series equipment GRE encrypt the packets protection

94

GRE can be used to encapsulate multicast packets into unicast packets, but it can not encrypt packets

Other related questions:
GRE packet encapsulation process on the USG6000
1. Upon receiving an IP packet over an interface connected to the IP network, the firewall enables the IP processing part to process the IP packet. 2. The IP processing part checks the destination address in the packet header to determine the forwarding mode. If the packet needs to pass through the GRE tunnel to arrive at the destination, the IP processing part sends the packet to the corresponding tunnel interface. 3. Upon receiving the packet, the tunnel interface encapsulates the packet with a GRE packet header and then returns the packet to the IP processing part. 4. The IP processing part encapsulates the GRE packet with a new IP packet header (the source address is the tunnel source interface IP address and the destination address is the tunnel destination interface IP address), and forwards the encapsulated IP packet over the physical port connected to the Internet based on the destination address and routing table.
GRE packet decapsulation process on the USG6000
1. Upon receiving an IP packet over the physical port connected to the Internet, the firewall checks the destination address of the packet. If the destination address is the firewall address and the protocol number in the IP packet header is 47 (indicating an encapsulated GRE packet), the firewall removes the IP packet header and enables the GRE protocol processing part to process the packet. 2. After checking and recognizing keywords, the GRE protocol processing part removes the GRE packet header and enables the IP processing part to process the packet. 3. The IP processing part forwards the packet to the IP network.
Whether the GRE can protect packets by encryption on the USG6000
The GRE can encapsulate multicast packets as unicast packets but cannot protect packets by encryption.
what scene that the USG9000 series equipment GRE features can be used
GRE features are mainly used for the following application scenarios: GRE over IPSec, IPv6 over IPv4 tunnel, expanding the number of hops limited network working range, GRE VPN
Encryption and authentication algorithms used in IPSec to guarantee packet transmission security on the USG6000 series
Encryption algorithm AES and authentication algorithms SHA2-256, SHA2-384, and SHA2-512 are recommended to improve packet transmission security, whereas encryption algorithms DES and 3DES and authentication algorithms MD5 and SHA-1 are not recommended.
If you have more questions, you can seek help from following ways:
To WeiKnow To Live Chat

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.