Configure GRE Tunnel to the Branch Office

The purpose of this Free CCNP Lab is to demonstrate the impact on routing services and addressing schemes when deploying IPsec VPNs at branch office routers. Although sample configurations are provided, detailed explanations of Dynamic Host Configuration Protocol (DHCP), Network Address Translation (NAT), IPsec VPNs, and GRE are beyond the scope of this training activity. 

Your organization is expanding its operation and wants to connect a branch site. To avoid expensive WAN costs, the decision was made to use the Internet as the WAN link. You suggest using a test network to implement an IPsec VPN to support all traffic going between corporate sites. In addition, you want to configure dynamic routing between sites, by implementing Generic Routing Encapsulation (GRE). 

Note: This lab has been created using Packet Tracer but can be completed using GNS3 or real hardware. This lab uses Cisco 1841 routers with Cisco IOS Release 12.4(24)T1 and the Advanced IP Services image c1841-advipservicesk9-mz.124-24.T1.bin. You can use other routers (such as a 2801 or 2811) and Cisco IOS Software versions if they have comparable capabilities and features. Depending on the router and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab. 


  • Configure DHCP
  • Configure NAT.
  • Configure an IPsec VPN.
  • Configure a GRE tunnel over IPsec.
  • Enable dynamic routing over a GRE tunnel.
  • Verify the configuration and operation using show and debug commands. 


Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. 

IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). 


A virtual private network (VPN) extends a private network and the resources contained in the network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if it were a private network with all the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.

The VPN connection across the Internet is technically a wide area network (WAN) link between the sites but appears to the user as a private network link—hence the name “virtual private network”. 


Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork.

Download this lab now:

  GRE-Tunnel (324.1 KiB, 4,084 hits)

Bookmark and Share
You can leave a response, or trackback from your own site.

2 Responses to “Configure GRE Tunnel to the Branch Office”

  1. saman says:


    In this lab, what version of packet tracer is used?

    please help me.

    thank you

Leave a Reply

What is 13 + 12 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)


Powered by WordPress | Designed by: backlinks | Thanks to internet marketing, etiketten drucken and index backlink