GRE and IPsec tunnels

- T
- Trouble
  
  Contact options for registered users
posted
17 years ago

Wed, May 10, 2006 7:39 PM

What is GRE??? Is GRE and IPsec the same, how do they work together.

Any information will be appreciated

- B
- Buzz Lightbeer
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Wed, May 10, 2006 9:19 PM

GRE (Generic Routing Encapsulation) is a protocol which allows you to carry different protocols (IP, IPX, DEC net, etc.) over IP. This is done by encapulating the entire packet in an IP packet for transmission over an IP network, and then removing the encapsulation at the other end.

IPSec is a protocol that's designed to protect individual TCP/IP packets traveling across a network by using public key encryption.

By combining the 2 protocols you can encapsulate traffic in GRE tunnel and then encrypt these packets for transmission over an insecure medium such as the internet. To the networks at each end of the tunnel the connection between the 2 looks like a point-to-point connection.

BL

- M
- Merv
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Wed, May 10, 2006 9:20 PM

Are they the same - NO

GRE is a tunneling protocol that was originally developed by Cisco, and it can do a few more things than IP-in-IP tunneling. For example, you can also transport multicast traffic and IPv6 through a GRE tunnel.

see RFC 2784 for technical details.

The GRE protocol does not encypted traffic carried over a tunnel.

IPSEC is encrypted IP

How to they work together - one good example is how to cary routing protocols like EIGRP or OSPF over an ISEC VPN tunnel. IPSEC only support unicast traffic and EIGRP and OSPF use multicast destintion IP addresses.

So GRE is used with IPSEC to accomplish this feat - see Cisco doc

formatting link