GRE and IPsec tunnels

Discussion in 'Cisco' started by Trouble, May 10, 2006.

  1. Trouble

    Trouble Guest

    What is GRE??? Is GRE and IPsec the same, how do they work together.

    Any information will be appreciated
    Trouble, May 10, 2006
    1. Advertisements

  2. GRE (Generic Routing Encapsulation) is a protocol which allows you to carry
    different protocols (IP, IPX, DEC net, etc.) over IP. This is done by
    encapulating the entire packet in an IP packet for transmission over an IP
    network, and then removing the encapsulation at the other end.

    IPSec is a protocol that's designed to protect individual TCP/IP packets
    traveling across a network by using public key encryption.

    By combining the 2 protocols you can encapsulate traffic in GRE tunnel and
    then encrypt these packets for transmission over an insecure medium such as
    the internet. To the networks at each end of the tunnel the connection
    between the 2 looks like a point-to-point connection.

    Making a cup of coffee is like making love to a beautiful woman. It's got to
    be hot. You've got to take your time. You've got to stir... gently and
    firmly. You've got to grind your beans until they squeak. And then you put
    in the milk.
    - Swiss Tony
    Buzz Lightbeer, May 10, 2006
    1. Advertisements

  3. Trouble

    Merv Guest

    What is GRE??? Is GRE and IPsec the same, how do they work together.

    Are they the same - NO

    GRE is a tunneling protocol that was originally developed by Cisco, and
    it can do a few more things than IP-in-IP tunneling. For example, you
    can also transport multicast traffic and IPv6 through a GRE tunnel.

    see RFC 2784 for technical details.

    The GRE protocol does not encypted traffic carried over a tunnel.

    IPSEC is encrypted IP

    How to they work together - one good example is how to cary routing
    protocols like EIGRP or OSPF over an ISEC VPN tunnel. IPSEC only
    support unicast traffic and EIGRP and OSPF use multicast destintion IP

    So GRE is used with IPSEC to accomplish this feat - see Cisco doc
    Merv, May 10, 2006
  4. Trouble


    Mar 23, 2006
    Likes Received:
    [COLOR=#008000] documentation/atX900/275/pdf/gre.pdf 
    From the quote above I can see there are two type of encapsulation happens to the origin packet :

    A- GRE packet
    B- Dekivery packet.

    As we know that the terminology "payload" is for data portion within a packet, not for the whole packet ......Am I right ?

    How does it come that he says: "in general case , a network layer packet called the payload packet" ?

    Yes it makes sense if he says that : "The original packet is the payload for the final packet".
    as has been sated here:
    zillah, May 12, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.