How to connect multiple branch offices to the headquarter using GRE tunnel

This demonstration was borne out of the many years of experience I have had deploying enterprise network solutions for cooperate organizations whose daily dependency on reliable connectivity across all branches at affordable cost can never be overemphasized. If you work for an organization that has the money to throw at service providers to provide them with leased lines on a full meshed topology, to connect all offices, then this post is not for you. In this demonstration, I will share with us how to connect three branch offices to the HQ using GRE tunneling.

To accomplish this, it is important to subscribe to the same ISP at all locations. This will ensure that all LAN to LAN communications reside within the ISP’s network,. This makes it a layer2 communications and increases the speed of inter LAN communication. It is important to state that this solution will also work even if all branches are not on the same network though communications across the LANs will be much slower since it will be over the internet and at a higher risk. Some companies, though on the same network across all locations, still go ahead to pay for layer 2 connection between offices. This payment is made monthly in addition to internet charges. What a waste!

To accomplish inter LAN communication among all four offices( three branch offices and the HQ), a tunnel will be created to connect each branch office’s network to the HQ. On the HQ router, there will three tunnels, each connecting a branch office’s network to the HQ. On each branch office router, there will be a tunnel connecting that branch office to the HQ. For a successful implementation of this setup, the IP addressing scheme should be carefully done to avoid overlap.

Network Topology:

The addressing scheme

HQ:Abuja(HQ)

WAN IPs:

1.1.1.1/30 connects to Lagos office.
2.2.2.1/30 connects to Kano office
3.3.3.1/30 connects to PHC office

LAN IP:

192.168.1.0/24, configured for HQ LAN.

Lagos office(branch office):

WAN IP: 1.1.1.2/30 connects to HQ.
LAN IP: 192.168.2.0/24

Kano office(branch office):

WAN IP: 2.2.2.2/30 connects to HQ
LAN IP:192.168.3.0/24

PHC office:

WAN IP: 3.3.3.2/30 connects to HQ
LAN IP: 192.168.4.0/24

Configuration:

HQ

HQ(config)#interface FastEthernet0/0
HQ(config-if)#ip address 192.168.1.1 255.255.255.0
HQ(config-if)#no shut
HQ(config)#interface Serial0/1/0
HQ(config-if)#description connections to PHC-office
HQ(config-if)#ip address 3.3.3.1 255.255.255.252
HQ(config-fi)#clock rate 64000
HQ(config-if)#no shut
HQ(config)#interface Serial0/2/0
HQ(config-if)#description connection to Kano-office
HQ(config-if)#ip address 2.2.2.1 255.255.255.252
HQ(config-if)#clock rate 64000
HQ(config-if)#no shut
HQ(config)#interface Serial0/3/0
HQ(config-if)#description connection to Lagos-office
HQ(config-if)#ip address 1.1.1.1 255.255.255.252
HQ(config-if)#clock rate 64000
HQ(config-if)#no shut

PHC:

PHC-office(config)#interface FastEthernet0/0
PHC-office(config-if)#ip address 192.168.4.1 255.255.255.0
PHC-office(config-if)#no shut
PHC-office(config)#interface Serial0/3/0
PHC-office(config-if)#description connections to HQ
PHC-office(config-if)#ip address 3.3.3.2 255.255.255.252
PHC-office(config-if)#no shut

Kano:

Kano-office(config)#interface FastEthernet0/0
Kano-office(config-if)#ip address 192.168.3.1 255.255.255.0
Kano-office(config-if)#no shut
Kano-office(config)#interface Serial0/3/0
Kano-office(config-if)#description connections to HQ
Kano-office(config-if)#ip address 2.2.2.2 255.255.255.252
Kano-office(config-if)#no shut

Lagos:

Lagos-office(config)#interface FastEthernet0/0
Lagos-office(config-if)#ip address 192.168.2.1 255.255.255.0
Lagos-office(config-if)#no shut
Lagos-office(config)#interface Serial0/3/0
Lagos-office(config-if)#description connections to HQ
Lagos-office(config-if)#ip address 1.1.1.2 255.255.255.252
Lagos-office(config-if)#no shut

 

At this point, connectivity has been established between HQ router and all branch office routers. To test, run pings from HQ router to all branch office routers. If successful, we move to the next step which is setting up GRE tunnels.

HQ:

HQ(config)#interface tunnel 0
HQ(config-if)#tunnel to Lagos LAN
HQ(config-if)#ip address 10.10.10.1 255.255.255.252
HQ(config-if)#tunnel mode gre ip
HQ(config-if)#tunnel source s0/3/0
HQ(config-if)#tunnel destination 1.1.1.2
HQ(config)#interface tunnel 1
HQ(config-if)#tunnel to Kano LAN
HQ(config-if)#ip address 20.20.20.1 255.255.255.252
HQ(config-if)#tunnel mode gre ip
HQ(config-if)#tunnel source s0/2/0
HQ(config-if)#tunnel destination 2.2.2.2
HQ(config)#interface tunnel 2
HQ(config-if)#tunnel to PHC LAN
HQ(config-if)#ip address 30.30.30.1 255.255.255.252
HQ(config-if)#tunnel mode gre ip
HQ(config-if)#tunnel source s0/1/0
HQ(config-if)#tunnel destination 3.3.3.2

PHC:

PHC-office(config)#interface tunnel 0
PHC-office(config-if)#tunnel to HQ LAN
PHC-office(config-if)#ip address 30.30.30.2 255.255.255.252
PHC-office(config-if)#tunnel mode gre ip
PHC-office(config-if)#tunnel source s0/3/0
PHC-office(config-if)#tunnel destination 3.3.3.1

Kano:

Kano-office(config)#interface tunnel 0
Kano-oofice(config-if)#tunnel to HQ LAN
Kano-office(config-if)#ip address 20.20.20.2 255.255.255.252
Kano-office(config-if)#tunnel mode gre ip
Kano-office(config-if)#tunnel source s0/3/0
Kano-office(config-if)#tunnel destination 2.2.2.1

Lagos:

Lagos-office(config)#interface tunnel 0
Lagos-office(config-if)#tunnel to HQ LAN
Lagos-office(config-if)#ip address 10.10.10.2 255.255.255.252
Lagos-office(config-if)#tunnel mode gre ip
Lagos-office(config-if)#tunnel source s0/3/0
Lagos-office(config-if)#tunnel destination 1.1.1.1
Now that GRE tunnels haven successfully set up, we implement static route for LAN to LAN communication via the tunnels.
HQ(config)#ip route 192.168.2.0 255.255.255.0 10.10.10.2 name lagos-office
HQ(config)#ip route 192.168.3.0 255.255.255.0 20.20.20.2 name kano-office
HQ(config)#ip route 192.168.4.0 255.255.255.0 30.30.30.2 name PHC-office

Lagos:

Lagos-office(config)#ip route 192.168.1.0 255.255.255.0 10.10.10.1

Kano:

Kano-office(config)#ip route 192.168.1.0 255.255.255.0 20.20.20.1

PHC:

PHC-office(config)#ip route 192.168.1.0 255.255.255.0 30.30.30.1

Verification

To verify, access the server on HQ LAN from any of the PCs on branch office networks.

Conclusion

In conclusion, it is worthy of note that Cisco GRE does not provide any form of encryption for the data sent through the tunnel. An alternative solution to this, is GRE tunnel on Mikrotik. Mikrotik tunnel allows for encryption using IPSec. For how to implement GRE with IPSec on Mikrotik, Click
Spread the love

Timigate

I believe that Africa will advance technologically if knowledge is shared among the living than out of greed, taken to the grave.

Leave a Reply

Your email address will not be published. Required fields are marked *