• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 690
  • Last Modified:

IP tunnel

interface Tunnel1
 description XX-YY
 ip address
 ip mtu 1500
 ip nat inside
 tunnel source
 tunnel destination

I don't have any concept of IP tunnel and I want to clarify my understanding.

Do it mean that any packet pass through this tunnel will be encrypted with a source IP of with destination of What is the IP of the Tunnel 1 use for ? Any good reference and example on how IP tunneling work ?
3 Solutions
IP tunnel is generic term for using packet encapsulation to pass packets through one or more networks. Encryption is an additional step one can add during the packet encapsulation.

The few lines of configuration shown looks like GRE IP tunnel for cisco routers, but only for one half of the tunnel.

For more reference you can look at:


at the "Configure a Tunnel Interface" section.
The current packets including its IP header with source address & port will be encrypted then encapsulated in a new packets with its own header. The new packet`s source and destination address are router`s WAN IP on both ends of the tunnel.

At the other end the packets is decapsulated, decrypted, then placed on the LAN segment.
AXISHKAuthor Commented:
Hi, Danny

Do you mean the new packet will use the IP of the "tunnel source" and "tunnel destination" as the source and destination ?

What is the usage of IP address of the Tunnel interface ? To me, it seem that tunnel source and destination is only involved in the routing, rather than the Tunnel IP address. True ?

You oftentimes create a GRE tunnel over an IPSec tunnel.  The reason in that case that the tunnel would have IP addresses on each end is so that routing protocols and/or multicast traffic can pass.  Multicast and routing protocols (which utilize Multicast or broadcast) will not generally pass an IPSec tunnel.  Since you can't run your own routing protocol or multicast over the Internet....you use tunnels.

The tunnel IP's are generally on the inside of your network.  Like on the LAN interface of your router.  So now the tunnel can participate in routing and pass multicast and routing updates etc.

Some other reasons for tunnels are using non-routable protocols, or tunneling IPX over an IP network (like the Internet)

If you post more of the config (with pertinent info marked out) we could determine more precisely the need and config of your tunnel.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now