[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


IP tunnel

Posted on 2006-06-02
Medium Priority
Last Modified: 2011-04-14
interface Tunnel1
 description XX-YY
 ip address
 ip mtu 1500
 ip nat inside
 tunnel source
 tunnel destination

I don't have any concept of IP tunnel and I want to clarify my understanding.

Do it mean that any packet pass through this tunnel will be encrypted with a source IP of with destination of What is the IP of the Tunnel 1 use for ? Any good reference and example on how IP tunneling work ?
Question by:AXISHK

Accepted Solution

fpintos earned 1200 total points
ID: 16815104
IP tunnel is generic term for using packet encapsulation to pass packets through one or more networks. Encryption is an additional step one can add during the packet encapsulation.

The few lines of configuration shown looks like GRE IP tunnel for cisco routers, but only for one half of the tunnel.

For more reference you can look at:


at the "Configure a Tunnel Interface" section.

Assisted Solution

Danny_Larouche earned 400 total points
ID: 16816169
The current packets including its IP header with source address & port will be encrypted then encapsulated in a new packets with its own header. The new packet`s source and destination address are router`s WAN IP on both ends of the tunnel.

At the other end the packets is decapsulated, decrypted, then placed on the LAN segment.

Author Comment

ID: 16817684
Hi, Danny

Do you mean the new packet will use the IP of the "tunnel source" and "tunnel destination" as the source and destination ?

What is the usage of IP address of the Tunnel interface ? To me, it seem that tunnel source and destination is only involved in the routing, rather than the Tunnel IP address. True ?


Assisted Solution

jfrady earned 400 total points
ID: 16821137
You oftentimes create a GRE tunnel over an IPSec tunnel.  The reason in that case that the tunnel would have IP addresses on each end is so that routing protocols and/or multicast traffic can pass.  Multicast and routing protocols (which utilize Multicast or broadcast) will not generally pass an IPSec tunnel.  Since you can't run your own routing protocol or multicast over the Internet....you use tunnels.

The tunnel IP's are generally on the inside of your network.  Like on the LAN interface of your router.  So now the tunnel can participate in routing and pass multicast and routing updates etc.

Some other reasons for tunnels are using non-routable protocols, or tunneling IPX over an IP network (like the Internet)

If you post more of the config (with pertinent info marked out) we could determine more precisely the need and config of your tunnel.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
This program is used to assist in finding and resolving common problems with wireless connections.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question