17-07-2024 04:04 AM
Hello,
I don't understand the difference between a GRE tunnel and a site-to-site IPsec tunnel. I have the impression that it's exactly the same principle (authentication, encryption)?
Thanks
17-07-2024 04:09 AM - edited 17-07-2024 04:10 AM
Hello @Saldebob
GRE and site-to-site IPsec tunnels serve different purposes and operate in distinct ways despite both being used to create virtual links over networks like the internet. GRE is primarily an encapsulation protocol that allows various network layer protocols to be tunneled between two endpoints, making it versatile for transporting different types of traffic such as multicast and IPv6 over an IPv4 network. However, GRE itself does not provide any built-in security features like encryption or authentication, meaning it can encapsulate data packets but cannot protect the data from being viewed or altered by unauthorized parties.
In contrast, site-to-site IPsec tunnels are designed to secure IP communications through robust encryption and authentication mechanisms. IPsec ensures data confidentiality, integrity, and authenticity by encrypting and authenticating each IP packet in a communication session. This makes IPsec suitable for secure VPNs over untrusted networks. IPsec can operate in transport mode (securing only the payload) or tunnel mode (securing the entire IP packet), with the latter commonly used for site-to-site VPNs. Combining GRE with IPsec allows leveraging GRE's encapsulation flexibility while benefiting from IPsec's security features, creating a secure and versatile tunneling solution ideal for complex enterprise network requirements.
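As an added example (not part of the original posts), this Python sketch shows what the answer above describes from the point of view of someone auditing a capture: a bare GRE packet (IP protocol 47) exposes its inner packet in cleartext, while an ESP packet (IP protocol 50) exposes only the SPI and sequence number. The addresses, SPI and payload are constructed sample values, and the ESP body is random bytes standing in for ciphertext, not real IPsec processing.

```python
import os
import struct

PROTO_GRE, PROTO_ESP = 47, 50  # IANA IP protocol numbers

def ipv4(proto, payload, src="192.0.2.1", dst="198.51.100.1"):
    """Minimal IPv4 header (checksum left at 0) around payload; constructed data."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def gre(inner, proto_type=0x0800):
    """Basic GRE header (RFC 2784): no optional fields, payload type IPv4."""
    return struct.pack("!HH", 0, proto_type) + inner

def inspect(packet):
    """Report what an on-path observer can read from the outer packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == PROTO_GRE:
        flags, ptype = struct.unpack("!HH", body[:4])
        # Optional checksum, key and sequence fields add 4 bytes each.
        off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        return {"tunnel": "GRE", "protected": False,
                "inner_type": ptype, "visible_inner": body[off:]}
    if proto == PROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        return {"tunnel": "ESP", "protected": True,
                "spi": spi, "seq": seq, "visible_inner": None}
    return {"tunnel": None, "protected": False, "visible_inner": body}

def sample_gre():
    """Constructed site-to-site packet carried in plain GRE."""
    inner = ipv4(6, b"constructed cleartext payload", "10.0.1.10", "10.0.2.20")
    return ipv4(PROTO_GRE, gre(inner))

def sample_esp():
    """Constructed ESP packet: SPI, sequence number, then opaque bytes."""
    return ipv4(PROTO_ESP, struct.pack("!II", 0x1000, 1) + os.urandom(64))

if __name__ == "__main__":
    for name, pkt in (("GRE", sample_gre()), ("ESP", sample_esp())):
        print(name, inspect(pkt))
```

With GRE over IPsec, the GRE header and inner packet sit inside the ESP payload, so the outer packet looks like the ESP case here.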
17-07-2024 04:09 AM
GRE has no security at all.
I think you mean GRE over IPsec,
so the question would be the difference between IPsec vs. GRE over IPsec.
IPsec does not support multicast.
GRE over IPsec does support multicast.
That is the whole difference.
Cisco and other vendors later introduced SVTI instead of using GRE over IPsec, which is secure, supports multicast, and has less overhead.
MHM