Tunnel interfaces provide a point-to-point connection between two routers
through a virtual software interface. They appear as one direct link between
routers that are connected via a large network, such as the Internet, and hide
the underlying infrastructure. However, tunnel interfaces should not be
confused with IPSec or L2TP tunnels, which can act as tunnels but not as
true Cisco IOS interfaces.
Further tunnel interface configuration information that may prove important
is as follows:
- Unnumbered Layer 3 addresses are supported, but IPSec does not allow for
them.
- Access-lists can be applied to the tunnel interface.
- QoS supports traffic requiring consistent service such as voice over
IP.
- Committed Access Rate (CAR), Weighted Fair-Queue (WFQ), and Weighted Random
Early Detection (WRED) are not supported on tunnel interfaces at this
time.
GRE
Generic Routing Encapsulation (GRE) tunnels provide a
designated pathway across the shared Wide Area Network (WAN) and encapsulate
traffic with new packet headers, which ensures delivery to specific
destinations. The network is
private because traffic can enter a tunnel only at an endpoint. Tunnels do not
provide true confidentiality as encryption does, but can carry encrypted
traffic. IPSec can be used to encrypt data before it enters as well as after it
leaves the GRE tunnel.
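
The following added example (not part of the original text, and not Cisco code) shows why GRE alone gives no confidentiality: the GRE header is only prepended, so the inner packet crosses the WAN byte for byte. The function names, the key value and the sample packet are assumptions made for illustration; the header layout follows RFC 2784 and RFC 2890.

```python
import socket
import struct

GRE_PROTO_IPV4 = 0x0800                        # EtherType value for an IPv4 payload
C_BIT, K_BIT, S_BIT = 0x8000, 0x2000, 0x1000   # checksum, key, sequence present

def gre_encapsulate(inner, key=None):
    """Prepend a GRE header (RFC 2784; optional key per RFC 2890)."""
    flags = K_BIT if key is not None else 0
    header = struct.pack("!HH", flags, GRE_PROTO_IPV4)
    if key is not None:
        header += struct.pack("!I", key)
    return header + inner

def gre_decapsulate(packet):
    """Return the GRE header fields and the inner packet, which GRE leaves unmodified."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Each optional field present adds 4 bytes, in the order checksum, key, sequence.
    offset = 4 + (4 if flags & C_BIT else 0)
    hdr_len = offset + (4 if flags & K_BIT else 0) + (4 if flags & S_BIT else 0)
    if len(packet) < hdr_len:
        raise ValueError("truncated GRE optional fields")
    key = None
    if flags & K_BIT:
        key = struct.unpack("!I", packet[offset:offset + 4])[0]
    return {"protocol": proto, "key": key, "inner": packet[hdr_len:]}

def sample_inner_packet():
    """Constructed IPv4 packet: documentation addresses, checksum left at zero."""
    payload = b"constructed cleartext payload"
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, 253, 0,           # TTL 64, protocol 253 (experimental)
                         socket.inet_aton("192.0.2.1"),
                         socket.inet_aton("198.51.100.2"))
    return header + payload

if __name__ == "__main__":
    inner = sample_inner_packet()
    outer = gre_encapsulate(inner, key=42)     # key 42 is an arbitrary sample value
    parsed = gre_decapsulate(outer)
    print("GRE overhead:", len(outer) - len(inner), "bytes")
    print("inner payload readable in transit:", parsed["inner"][20:])
```

Anything that must stay confidential therefore has to be encrypted with IPSec before it enters the tunnel, or the GRE packet itself has to be encrypted after it leaves.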