Communication between two private networks is not possible as the ISP is not aware of the private IP and moreover ACL is created on the ISP side which denies the private network. However, we can make communication possible with GRE.

What is GRE?

  • It stands for Generic Router Encapsulation.
  • GRE is a Layer 3 Protocol.
  • It uses IP Protocol number 47.
  • It adds 24-byte extra information.

In the above diagram, there are two private networks and at respective site A and B. Router 1 and Router 2 is connected to the ISP with public IP and respectively.

Configure PAT on R1 and R2 which translate the private IP into public IP. When user ping, the router translates source to but the destination remains the same A default route is configured on the router towards the ISP. As the packet reaches ISP, it gets dropped as ISP does not have any information about the private IP.

To overcome this problem, we create a tunnel interface with a private IP, specify the tunnel source and destination IP. Configure static routes and towards the tunnel interface on routers 1 & 2 respectively. A default route is still configured towards the ISP.

[NOTE- Tunnel source will be wan link IP and destination will be another end wan IP.]

Requirements for GRE Tunnel

  1. WAN link should be reachable.
  2. WAN IP should be static.

Configuration on Router

[NOTE- Tunnel source will be wan link IP and de]


When user ping, traffic goes to the gateway which is a router. Router 1 check the routing table and the longest prefix gets a match with the static route, so the router forwards the packet towards the tunnel interface. Then tunnel interface adds an extra IP header with the Packet of 24 bytes. The new IP header source will be the tunnel source and the destination will be the tunnel destination.

Again, a router looks in the routing table destination IP matches with the default route. The packet gets forwarded towards the ISP. ISP opens extra IP header see the destination as which is public IP so it forward towards R2.

R2 open external IP header accepts at Then open the internal header sees it as and forward it to the LAN.

We can enable routing protocol and advertise the private network over the ISP instead of giving a static route towards the tunnel interface. Neighborship will be formed on the tunnel interface.

Configuration on Router

EIGRP hello message will forward out of tunnel interface, adding extra IP header as below.

Now advertise the LAN network in eigrp.

The routing table of R2

Drawbacks of GRE

  • GRE tunnel is a point to point
  • GRE is not scalable
  • Require static WAN IP on each site which will be costly

NOTE: – If a LAN network wants to communicate with 50 other private networks. Then 50 such tunnels need to be created which will increase administrative work. So, GRE is not a scalable solution.

In the next blog, we are going to discuss DMVPN Phase 1,2, and 3.

There is a lot of information about GRE, that you can read here

Zindagi Technologies is an IT consulting company having engineers with decades of experience in planning, designing, and implementing Data Centers along with Managed IT Services, cybersecurity, and cloud services. If you want to avail yourself of any of the mentioned services, we are just a call away give us a call or WhatsApp us on +91 97739 73971. You can reach out to us on our mail too.

Jainul Khan
Associate Consultant

Comment (1)

Leave a comment