
VPN and Tunnel Concept With IP-in-IP Tunnel Configuration

VPN technology allows for secure transmission of data over the internet through tunneling. There are different types of tunnels that operate at the network or transport layer, including IP-in-IP and GRE tunnels. The presentation demonstrates how to configure an IP-in-IP tunnel between a MikroTik router and Cisco router to connect two private networks across the public internet in a secure manner. Configuration involves setting IP addresses, default routes, NAT, and the tunnel interfaces on each router.

Uploaded by

Carlos FT

VPN and Tunnel concept with IP-in-IP tunnel configuration


Armenia MUM 2017

www.netrotik.com
Presenter Information
Amin Hamidi Younessi
MikroTik Certified Trainer
: amin.younessi
: amin.younessi
: info@netrotik.com , aminyounessi@gmail.com

Presentation topics:
• Fundamentals of VPN technology.
• Benefits of Tunnels.
• Types of Tunnels.
• IP-in-IP configuration between MikroTik and Cisco Routers.
What is VPN?
• Virtual Private Network.
• VPN transmits data by means of tunneling.
• Both tunnel endpoints need to support the same protocol.
• Tunneling protocols operate at either OSI layer 2 or layer 3.
Benefits of Tunnels
• Decrease cost.
• Scalability.
• Confidentiality.
• Authentication.
• Data Integrity.
• Anti-replay.
Two Main Types of Tunnels

• Remote-access tunnels (also known as VPN)

• Site-to-site tunnels
Remote access sample

[Figure: a remote client connects across the Internet to the Central Office (public: 100.1.1.20/24, local: 192.168.1.1/24) through a PPTP tunnel; the tunnel endpoints are addressed 172.16.1.1/32 and 172.16.1.2/32.]
Site-to-site sample

[Figure: routers R1 and R2 connected across the Internet by a GRE tunnel, with PC1 behind R1 and PC2 behind R2.]
Types of Tunnels:

Tunnel   Layer            Protocol / port
IPIP     layer 3 tunnel   4 for IPv4 and 41 for IPv6
GRE      layer 3 tunnel   IP protocol number 47
EOIP     layer 2 tunnel   IP protocol number 47
L2TP     layer 2 tunnel   1701 UDP
PPTP     layer 2 tunnel   1723 TCP
IP-in-IP Tunnel mechanism
• The IPIP tunnel is a simple protocol that encapsulates IP packets in IP to make a tunnel between two routers.

Packet layout: Outer IP Header | Inner IP Header | IP Payload

GRE Tunnel mechanism

Packet layout: Outer IP Header | GRE Header | Inner IP Header | IP Payload

• The GRE header is variable in length, from 4 to 16 bytes, depending on which optional features have been enabled.

GRE header fields:
C | K | S | Reserved | Ver | Protocol
Checksum | Reserved
Key
Sequence Number

IP-in-IP tunnel Scenario

[Figure: Cisco-1841 and MikroTik-hAP connected across the Internet by an IP-in-IP tunnel.]

                     Cisco-1841               MikroTik-hAP
Public IP            Fa0/1: 100.1.2.2/30      Ether2: 100.1.1.2/30
Tunnel IP address    172.16.1.1/30            172.16.1.2/30
LAN address          Fa0/0: 192.168.1.1/24    Ether1: 192.168.2.1/24
PC                   A                        B
PC IP                192.168.1.2              192.168.2.2
PC gateway (GW)      192.168.1.1              192.168.2.1

Steps:
• Configuring the IP addresses
– MikroTik:

– Cisco:

• Add default route:
– MikroTik:

– Cisco:

• Source NAT for direct clients to the internet
– MikroTik:

– Cisco:

• IPIP Tunnel configuration:

[Screenshot labels, shown for each router: "Your public address" and "Your partner address".]

• Setting IP address on tunnel interface

• Now it's time to verify the connections

– Ping PC A from PC B

– Traceroute result from PC B

[Screenshot label: "Other side of tunnel".]

• Look at Tunnel Traffic
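
The packet layouts under "IP-in-IP Tunnel mechanism" and "GRE Tunnel mechanism", and the tunnel-traffic check above, can be reproduced by decoding a captured tunnel packet. This Python is an added example, not part of the presentation: it strips the IPIP (protocol 4) or GRE (protocol 47) layer and returns the outer and inner addresses. The sample packets are constructed from the scenario's addresses, and the flag bit positions (C=0x80, K=0x20, S=0x10) and protocol type 0x0800 come from the GRE specification, not from the slides.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_GRE = 4, 47  # IP protocol numbers from the tunnel-types table

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left 0, sample use only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) for one IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(pkt):
        raise ValueError("inconsistent IPv4 length fields")
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:total])

def gre_header_len(gre):
    """4 base bytes plus 4 each for Checksum (C), Key (K), Sequence Number (S)."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    return 4 + sum(4 for bit in (0x80, 0x20, 0x10) if gre[0] & bit)

def decapsulate(pkt):
    """Strip the IPIP or GRE layer and report outer and inner addressing."""
    o_src, o_dst, proto, body = parse_ipv4(pkt)
    if proto == IPPROTO_GRE:
        hlen = gre_header_len(body)  # also rejects a truncated GRE header
        if struct.unpack("!H", body[2:4])[0] != 0x0800:  # protocol type: IPv4
            raise ValueError("GRE payload is not IPv4")
        body = body[hlen:]
    elif proto != IPPROTO_IPIP:
        raise ValueError("not an IPIP or GRE packet")
    i_src, i_dst, i_proto, data = parse_ipv4(body)
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst),
            "inner_proto": i_proto, "data": data}

# Constructed sample: PC B pings PC A through the tunnel (ICMP echo stub, 8 bytes).
INNER = ipv4_header("192.168.2.2", "192.168.1.2", 1, 8) + b"\x08\x00" + b"\x00" * 6
IPIP_PKT = ipv4_header("100.1.1.2", "100.1.2.2", IPPROTO_IPIP, len(INNER)) + INNER
GRE_HDR = struct.pack("!BBHII", 0x30, 0, 0x0800, 7, 1)  # K and S set: 12 bytes
GRE_PKT = ipv4_header("100.1.1.2", "100.1.2.2", IPPROTO_GRE,
                      len(GRE_HDR) + len(INNER)) + GRE_HDR + INNER

if __name__ == "__main__":
    for name, pkt in (("IPIP", IPIP_PKT), ("GRE", GRE_PKT)):
        print(name, decapsulate(pkt))
```

Both formats only prepend headers, so the inner addresses and payload come back unchanged from a plain parse of the outer packet.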

Summary

There is an increasing demand nowadays to connect to internal networks from distant locations. Employees often need to connect to internal private networks over the Internet (which is by nature insecure) from home, hotels, airports or from other external networks. Security becomes a major consideration when staff or business partners have constant access to internal networks from insecure external locations.

VPN (Virtual Private Network) technology provides a way of protecting information being transmitted over the Internet, by allowing users to establish a virtual private “tunnel” to securely enter an internal network, accessing resources, data and communications via an insecure network such as the Internet.

Thank you
