Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bascheew
New Contributor III

Difference between "config system gre-tunnel" and "set encapsulation gre"

I have discovered that there are two methods of building IPSEC GRE tunnels.

[ol]
  • The method most often referenced is to build a typical interface-based VPN and set the phase 2 encapsulation mode to "transport".  Then configure a third component -- a GRE tunnel under 'config system gre-tunnel'.  In addition to this there is then also a GRE interface under system interfaces.  (See https://kb.fortinet.com/kb/documentLink.do?externalID=FD33841 for reference)
  • The far simpler way is to create a normal interface-based VPN and set the phase 1 interface to 'set encapsulation gre'.  Then the GRE IPs are setup under the phase-1 system interface just like the normal interface-based VPN. (See https://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD40312&languageId= for reference).[/ol]

    The second config is simpler and far more intuitive.  Is there a reason there are two methods?  Is one the "old" way and the other the "new" way?

     

  • 0 REPLIES 0