You can use the VPN-Interface-GRE template for all vEdge Cloud and vEdge router devices.
When a service, such as a firewall, is available on a device that supports only GRE tunnels, you can configure a GRE tunnel on the vEdge router to connect to the remote device by configuring a logical GRE interface. You then advertise that the service is available via a GRE tunnel, and you create data policies to direct the appropriate traffic to the tunnel. GRE interfaces come up as soon as they are configured, and they stay up as long as the physical tunnel interface is up.
To configure GRE interfaces using vManage templates:
- Create a VPN-Interface-GRE feature template to configure a GRE interface, as described in this article.
- Create a VPN feature template to advertise a service that is reachable via a GRE tunnel, to configure GRE-specific static routes, and to configure other VPN parameters. See the Configuration ► Templates ► VPN help topic.
- Create a device template that incorporates the VPN-Interface-GRE feature template and the VPN feature template. See the Configuration ► Templates help topic.
- Create a data policy on the vSmart controller that applies to the service VPN, including a set service service-name local command. See the Configuring Centralized Data Policy article for your software release.
- Activate the vSmart policy. See the Configuration ► Templates ► Policy help topic.
Navigate to the Template Screen
- In vManage NMS, select the Configuration ► Templates screen.
- From the Templates title bar, select Feature.
- Click Add Template.
- In the left pane, select one or more devices. The right pane displays the available templates for the selected devices.
- Select the VPN-Interface-GRE template.
The right pane displays the VPN-Interface-GRE template form.
- The top of the form contains fields for naming the template.
- The bottom contains fields for defining parameters applicable to that template.
- A drop-down menu to the left of each parameter field defines the scope of the parameter. When you first open a feature template form, for each parameter that has a default value, the scope is set to Default. To edit a parameter field, change the scope to Global or Device Specific. Note that if a parameter's scope is Device Specific, you cannot enter a value for it in the feature template. Instead, you enter a value when you attach the template to a device.
- A plus sign (+) is displayed to the right when you can add multiple entries for the same parameter.
Minimum GRE Interface Configuration
The following parameters are required (unless otherwise indicated) to configure a GRE interface on a vEdge router:
|1.||Template Name||Enter a name for the template. It can be up to 128 characters and can contain only alphanumeric characters.|
|2.||Description (Template)||Enter a description for the template. It can be up to 2048 characters and can contain only alphanumeric characters.|
|3.||Shutdown||Click Off to enable the interface.|
|4.||GRE Source IP Address||Enter the source IP address of the GRE tunnel interface. This address is on the local router.|
|5.||GRE Destination IP Address||Enter the destination IP address of the GRE tunnel interface. This address is on a remote device|
Enter the name of the GRE interface, in the format grenumber. number can be from 1 through 255.
|7.||Save||Click Save to save the feature template.|
vpn vpn-id interface grenumber [no] shutdown tunnel-destination ip-address tunnel-source ip-address
Configure Other Interface Properties
To configure other GRE interface properties:
|Description (Interface)||Enter a description of the GRE interface.|
|IPv4 Address||Enter an IP address for the GRE tunnel itself.|
|Interval||Specify how often the GRE interface sends keepalive packets on the GRE tunnel. Because GRE tunnels are stateless, sending of keepalive packets is the only way to determine whether the remote end of the tunnel is up. The keepalive packets are looped back to the sender. Receipt of these packets by the sender indicates that the remote end of the GRE tunnel is up. |
Range: 0 through 65535 seconds
Default: 10 seconds
|Retries||Specify how many times the GRE interface tries to resend keepalive packets before declaring the remote end of the GRE tunnel to be down. |
Range: 0 through 255
|IP MTU||Specify the maximum MTU size of packets on the interface. |
Range: 576 through 1804
Default: 1500 bytes
|Clear-Dont-Fragment||Click On to clear the Don't Fragment bit in the IPv4 packet header for packets being transmitted out the interface.|
|TCP MSS||Specify the maximum segment size (MSS) of TPC SYN packets passing through the vEdge router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. |
Range: 552 to 1460 bytes
|Rewrite rule||Click On, and specify the name of the rewrite rule to apply on the interface.|
|Ingress ACL|| |
Click On, and specify the name of the access list to apply to packets being received on the interface.
|Egress ACL||Click On, and specify the name of the access list to apply to packets being transmitted on the interface.|
|Ingress policer||Click On, and specify the name of the policer to apply to packets being received on the interface.|
|Egress policer||Click On, and specify the name of the policer to apply to packets being transmitted on the interface.|
vpn vpn-id interface grenumber access-list acl-list (in | out) clear-dont-fragment description text mtu bytes policer policer-name (in |out) qos-map name rewrite-rule name shaping-rate name tcp-mss-adjust bytes
Introduced in vManage NMS Release 15.4.1.