VPN Interface GRE

Use the VPN Interface GRE template for all vEdge Cloud and vEdge router devices.

When a service, such as a firewall, is available on a device that supports only GRE tunnels, you can configure a GRE tunnel on the vEdge router to connect to the remote device by configuring a logical GRE interface. You then advertise that the service is available via a GRE tunnel, and you create data policies to direct the appropriate traffic to the tunnel. GRE interfaces come up as soon as they are configured, and they stay up as long as the physical tunnel interface is up.

To configure GRE interfaces using vManage templates:

  1. Create a VPN-Interface-GRE feature template to configure a GRE interface, as described in this article.
  2. Create a VPN feature template to advertise a service that is reachable via a GRE tunnel, to configure GRE-specific static routes, and to configure other VPN parameters. See the VPN help topic.
  3. Create a data policy on the vSmart controller that applies to the service VPN, including a set service service-name local command. See the Policies help topic.

Navigate to the Template Screen and Name the Template

  1. In vManage NMS, select the Configuration ► Templates screen.
  2. In the Device tab, click Create Template.
  3. From the Create Template drop-down, select From Feature Template.
  4. From the Device Model drop-down, select the type of device for which you are creating the template.
  5. To create a template for VPN 0 or VPN 512:
    1. Click the Transport & Management VPN tab located directly beneath the Description field, or scroll to the Transport & Management VPN section.
    2. Under Additional VPN 0 Templates, located to the right of the screen, click VPN Interface GRE.
    3. From the VPN Interface GRE drop-down, click Create Template. The VPN-Interface-GRE template form is displayed. The top of the form contains fields for naming the template, and the bottom contains fields for defining VPN Interface GRE parameters.
  6. To create a template for VPNs 1 through 511, and 513 through 65530:
    1. Click the Service VPN tab located directly beneath the Description field, or scroll to the Service VPN section.
    2. Click the Service VPN drop-down.
    3. Under Additional VPN templates, located to the right of the screen, click VPN Interface GRE.
    4. From the VPN Interface GRE drop-down, click Create Template. The VPN-Interface-GRE template form is displayed. The top of the form contains fields for naming the template, and the bottom contains fields for defining VPN Interface GRE parameters.

  7. In the Template Name field, enter a name for the template. The name can be up to 128 characters and can contain only alphanumeric characters.
  8. In the Template Description field, enter a description of the template. The description can be up to 2048 characters and can contain only alphanumeric characters.

When you first open a feature template, for each parameter that has a default value, the scope is set to Default (indicated by a check mark), and the default setting or value is shown. To change the default or to enter a value, click the scope drop-down to the left of the parameter field and select one of the following:

| Parameter Scope | Scope Description |
| --- | --- |
| Device Specific (indicated by a host icon) | Use a device-specific value for the parameter. For device-specific parameters, you cannot enter a value in the feature template. You enter the value when you attach a Viptela device to a device template. When you click Device Specific, the Enter Key box opens. This box displays a key, which is a unique string that identifies the parameter in a CSV file that you create. This file is an Excel spreadsheet that contains one column for each key. The header row contains the key names (one key per column), and each row after that corresponds to a device and defines the values of the keys for that device. You upload the CSV file when you attach a Viptela device to a device template. For more information, see Create a Template Variables Spreadsheet. To change the default key, type a new string and move the cursor out of the Enter Key box. Examples of device-specific parameters are system IP address, hostname, GPS location, and site ID. |
| Global (indicated by a globe icon) | Enter a value for the parameter, and apply that value to all devices. Examples of parameters that you might apply globally to a group of devices are DNS server, syslog server, and interface MTUs. |

Configuring a Basic GRE Interface

To configure a basic GRE interface, select the Basic Configuration tab and then configure the following parameters. Parameters marked with an asterisk are required to configure a GRE interface.

| Parameter Name | Description |
| --- | --- |
| Shutdown* | Click Off to enable the interface. |
| Interface Name* | Enter the name of the GRE interface, in the format grenumber. number can be from 1 through 255. |
| Description | Enter a description of the GRE interface. |
| Source* | Enter the source of the GRE interface. GRE Source IP Address: Enter the source IP address of the GRE tunnel interface. This address is on the local router. Tunnel Source Interface: Enter the physical interface that is the source of the GRE tunnel. |
| Destination* | Enter the destination IP address of the GRE tunnel interface. This address is on a remote device. |
| GRE Destination IP Address* | Enter the destination IP address of the GRE tunnel interface. This address is on a remote device. |
| IPv4 Address | Enter an IPv4 address for the GRE tunnel. |
| IP MTU | Specify the maximum MTU size of packets on the interface. Range: 576 through 1804. Default: 1500 bytes. |
| Clear-Dont-Fragment | Click On to clear the Don't Fragment bit in the IPv4 packet header for packets being transmitted out the interface. |
| TCP MSS | Specify the maximum segment size (MSS) of TCP SYN packets passing through the vEdge router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 552 to 1460 bytes. Default: None. |
| Keepalive Interval | Specify how often the GRE interface sends keepalive packets on the GRE tunnel. Because GRE tunnels are stateless, sending of keepalive packets is the only way to determine whether the remote end of the tunnel is up. The keepalive packets are looped back to the sender. Receipt of these packets by the sender indicates that the remote end of the GRE tunnel is up. Range: 0 through 65535 seconds. Default: 10 seconds. |
| Keepalive Retries | Specify how many times the GRE interface tries to resend keepalive packets before declaring the remote end of the GRE tunnel to be down. Range: 0 through 255. Default: 3. |

To save the feature template, click Save.

CLI equivalent:

vpn vpn-id 
  interface grenumber
    clear-dont-fragment
    description text
    ip address ipv4-prefix/length
    keepalive seconds retries
    mtu bytes
    policer policer-name (in | out)
    qos-map name
    rewrite-rule name
    shaping-rate name
    [no] shutdown
    tcp-mss-adjust bytes  
    tunnel-destination ip-address
    (tunnel-source ip-address | tunnel-source-interface interface-name)
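
An added example, not part of the Viptela documentation: a pre-upload check of a template variables CSV against the required fields and ranges listed above. The column keys, device names, and addresses are constructed for illustration, and the MSS-versus-MTU check is an addition based on the 40 bytes taken by IPv4 and TCP headers.

```python
import csv
import io
import ipaddress
import re

# Constructed sample. The column keys are hypothetical; vManage shows the real
# key for each Device Specific parameter in the Enter Key box.
SAMPLE_CSV = """device_id,gre_if_name,gre_source_ip,gre_source_if,gre_dest_ip,gre_mtu,gre_tcp_mss,gre_ka_interval,gre_ka_retries
edge-a,gre1,10.0.5.11,,192.0.2.10,1500,1360,10,3
edge-b,gre256,10.0.6.11,ge0/0,192.0.2.10,1900,,10,3
edge-c,gre2,,ge0/0,192.0.2.300,1400,1400,10,300
"""

# Ranges documented for the VPN Interface GRE template.
RANGES = {"gre_mtu": (576, 1804), "gre_tcp_mss": (552, 1460),
          "gre_ka_interval": (0, 65535), "gre_ka_retries": (0, 255)}

def check_row(row):
    """Return the list of problems found in one device row."""
    errs = []
    m = re.fullmatch(r"gre(\d+)", row["gre_if_name"])
    if not m or not 1 <= int(m.group(1)) <= 255:
        errs.append("interface name must be gre1 through gre255")
    # The CLI accepts tunnel-source or tunnel-source-interface, not both.
    if bool(row["gre_source_ip"]) == bool(row["gre_source_if"]):
        errs.append("set exactly one of source IP and source interface")
    # The destination is required; the source IP only if it is the chosen source.
    for key, required in (("gre_source_ip", False), ("gre_dest_ip", True)):
        if row[key] or required:
            try:
                ipaddress.IPv4Address(row[key])
            except ValueError:
                errs.append(f"{key} is not a valid IPv4 address")
    for key, (lo, hi) in RANGES.items():
        # An empty cell leaves the optional parameter at its default.
        if row[key] and not (row[key].isdecimal() and lo <= int(row[key]) <= hi):
            errs.append(f"{key} must be {lo} through {hi}")
    # Added check: IPv4 and TCP headers without options take 40 bytes, so a
    # larger MSS cannot fit in one packet of the IP MTU (default 1500).
    mtu, mss = row["gre_mtu"] or "1500", row["gre_tcp_mss"]
    if mtu.isdecimal() and mss.isdecimal() and int(mss) > int(mtu) - 40:
        errs.append("gre_tcp_mss exceeds gre_mtu minus 40 bytes")
    return errs

def validate(csv_text):
    """Map device id to its problems, for rows that have any."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device_id"]: e for r in rows if (e := check_row(r))}
```

Calling validate(SAMPLE_CSV) reports edge-b and edge-c and passes edge-a, so a bad row is caught before the device template is attached.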

Configure Interface Access Lists

To configure access lists on a GRE interface, select the ACL tab and configure the following parameters:

| Parameter Name | Description |
| --- | --- |
| Rewrite Rule | Click On, and specify the name of the rewrite rule to apply on the interface. |
| Ingress ACL – IPv4 | Click On, and specify the name of the access list to apply to IPv4 packets being received on the interface. |
| Egress ACL – IPv4 | Click On, and specify the name of the access list to apply to IPv4 packets being transmitted on the interface. |
| Ingress Policer | Click On, and specify the name of the policer to apply to packets being received on the interface. |
| Egress Policer | Click On, and specify the name of the policer to apply to packets being transmitted on the interface. |

CLI equivalent:

vpn vpn-id
  interface grenumber
    access-list acl-list (in | out) 
    policer policer-name (in | out)
    qos-map name
    rewrite-rule name
    shaping-rate name

Release Information

Introduced in vManage NMS Release 15.4.1.
