Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > GRE and IPsec tunnels

Thread Tools

GRE and IPsec tunnels

Posts: n/a
What is GRE??? Is GRE and IPsec the same, how do they work together.

Any information will be appreciated

Reply With Quote
Buzz Lightbeer
Posts: n/a
"Trouble" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)
> What is GRE??? Is GRE and IPsec the same, how do they work together.
> Any information will be appreciated

GRE (Generic Routing Encapsulation) is a protocol which allows you to carry
different protocols (IP, IPX, DEC net, etc.) over IP. This is done by
encapulating the entire packet in an IP packet for transmission over an IP
network, and then removing the encapsulation at the other end.

IPSec is a protocol that's designed to protect individual TCP/IP packets
traveling across a network by using public key encryption.

By combining the 2 protocols you can encapsulate traffic in GRE tunnel and
then encrypt these packets for transmission over an insecure medium such as
the internet. To the networks at each end of the tunnel the connection
between the 2 looks like a point-to-point connection.

Making a cup of coffee is like making love to a beautiful woman. It's got to
be hot. You've got to take your time. You've got to stir... gently and
firmly. You've got to grind your beans until they squeak. And then you put
in the milk.
- Swiss Tony

Reply With Quote
Posts: n/a
> What is GRE??? Is GRE and IPsec the same, how do they work together.

Are they the same - NO

GRE is a tunneling protocol that was originally developed by Cisco, and
it can do a few more things than IP-in-IP tunneling. For example, you
can also transport multicast traffic and IPv6 through a GRE tunnel.

see RFC 2784 for technical details.

The GRE protocol does not encypted traffic carried over a tunnel.

IPSEC is encrypted IP

How to they work together - one good example is how to cary routing
protocols like EIGRP or OSPF over an ISEC VPN tunnel. IPSEC only
support unicast traffic and EIGRP and OSPF use multicast destintion IP

So GRE is used with IPSEC to accomplish this feat - see Cisco doc

Reply With Quote
zillah zillah is offline
Join Date: Mar 2006
Posts: 39
Code: documentation/atX900/275/pdf/gre.pdf 

In the general case, a network layer packet, called the payload packet, is encapsulated in a GRE packet, which may also include source route information.

The resulting GRE packet is then encapsulated in some other network layer protocol, called the delivery protocol, and then forwarded
From the quote above I can see there are two type of encapsulation happens to the origin packet :

A- GRE packet
B- Dekivery packet.

As we know that the terminology "payload" is for data portion within a packet, not for the whole packet ......Am I right ?

How does it come that he says: "in general case , a network layer packet called the payload packet" ?

Yes it makes sense if he says that : "The original packet is the payload for the final packet".
as has been sated here:
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco ASA5510 and GRE Tunnels? Xavier Veral Cisco 1 07-21-2007 12:23 PM
3x Cisco 1841 and GRE tunnels through Internet DH3JHZ Cisco 0 07-09-2007 10:01 AM
3750 and GRE Tunnels daddieos Cisco 0 06-19-2007 05:58 PM
Number of IKE Tunnels and IPSec Tunnels philbo30 Cisco 1 04-12-2007 02:16 AM
Tunnels accesing other tunnels on concentrator ljorg Cisco 0 11-22-2006 01:43 PM