No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
GRE Security Mechanisms

GRE Security Mechanisms

GRE provides two types of security mechanisms:

Checksum Verification

Checksum verification is an end-to-end check on encapsulated packets.

If the C bit in the GRE header is set to 1, the checksum is valid. The sender calculates the checksum based on information in the GRE header and the payload and then sends the packet containing the checksum to the receiver. The receiver calculates the checksum based on information in the received packet and compares the calculated value with the checksum in the packet. If they are the same, the receiver forwards the packet. If they are different, the receiver discards the packet.

You can enable or disable checksum verification on both ends of a tunnel in actual applications. If checksum verification is enabled on the local end and disabled on the remote end, the local end does not check the checksum values of received packets, but checks the checksum values of packets to be sent. If checksum verification is disabled on the local end and enabled on the remote end, the local end checks the checksum values of received packets, but does not check the checksum values of packets to be sent.

Key Authentication

Key authentication is used to verify the validity of a tunnel interface. This security mechanism ensures that a device accepts only packets sent from a valid tunnel interface and discards invalid packets.

If the K bit in the GRE header is set to 1, a four-byte Key field is inserted into the GRE header. Both the receiver and the sender need to authenticate the key.

The Key field is used to identify the traffic in a tunnel. Packets transmitted over the same tunnel use the same key. During decapsulation, GRE identifies data packets based on the key. Packets pass key authentication only when the keys on both ends of the tunnel are consistent. Otherwise, packets failing the key authentication are discarded. When both ends of a tunnel have no key or the same key, the key configurations on the two ends are consistent.

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 150690

Downloads: 365

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next