Solved: GRE over IPsec

csc010854800 · ‎09-18-2008

friends,

can anybody provide me with the difference between GRE and IPsec or any such topic explaining that......

Giuseppe Larosa · ‎09-18-2008

Hello Yogesh,

GRE = Generic Routing Encapsulation is a protocol that has been introduced to provide a way to transport OSI L2 or OSI L3 frames over an IP network: for example to interconnect IPX lans via an IP network, GRE can also carry IPv4 packets in this second case it provide a virtual point-to-point link between two routers that don't need to be directly connected.

GRE support multicast traffic and allows routing protocols to be used over it.

IPSec = is a group of protocols and features that have been introduced to provide security services over the network like authentication, encryption, non-repudiation and so on.

IPSec provides a way to secure and protect traffic between two endpoints and include protocols for negotiation and setup of the communication. IPSec is thought to carry IPv4 unicast packets (no multicast support)

To be noted that the two can be used together because they provide different features and complement each other in this case usually the GRE packet is the payload of IPSec.

For example see the following link:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/1_p2pGRE_Phase2_external_docbase_0900e4b180a3efed_4container_external_docbase_0900e4b180ad8740.html

an introduction to ipsec

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎09-18-2008

Hello Yogesh,

GRE = Generic Routing Encapsulation is a protocol that has been introduced to provide a way to transport OSI L2 or OSI L3 frames over an IP network: for example to interconnect IPX lans via an IP network, GRE can also carry IPv4 packets in this second case it provide a virtual point-to-point link between two routers that don't need to be directly connected.

GRE support multicast traffic and allows routing protocols to be used over it.

IPSec = is a group of protocols and features that have been introduced to provide security services over the network like authentication, encryption, non-repudiation and so on.

IPSec provides a way to secure and protect traffic between two endpoints and include protocols for negotiation and setup of the communication. IPSec is thought to carry IPv4 unicast packets (no multicast support)

To be noted that the two can be used together because they provide different features and complement each other in this case usually the GRE packet is the payload of IPSec.

For example see the following link:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/1_p2pGRE_Phase2_external_docbase_0900e4b180a3efed_4container_external_docbase_0900e4b180ad8740.html

an introduction to ipsec

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

Hope to help

Giuseppe

csc010854800 · ‎09-18-2008

Hi Giuseppe,

Thanks for providing me with this useful information.

already rated the post.kindly provide me with the difference between layer 2 VPN and layer 3 VPN and their implementation in the real world.........

Giuseppe Larosa · ‎09-18-2008

Hello Yogesh,

thanks for your kind remarks

a Layer3 VPN accepts L3 packets and route them between sites.

MPLS L3 VPN are a good example of L3 VPN

other possibilities are IPSEc VPNs : ipsec secure communications over the internet is becoming very common.

A Layer2 VPN service accepts L2 frames and transport them to the remote site. Inside the l2 frames L3 packets are carried.

Examples of L2 VPN:

FRame Relay service or ATM service

EoMPLS ethernet over MPLS and other MPLS L2 VPN including VPLS. These are becoming popular as replacement for FR/ATM services.

L2 VPN and L3 VPN can be implemented also using L2TPv3.

Hope to help

Giuseppe