GRE Tunnel

Melvinb1981
Level 1

Good Day,

 

In what scenario would you ever configure just a GRE tunnel between Branches without IPSEC (encryption)?

 

Regards,  


Hello,

 

It depends on what level of protection you need. Have a look at the link below. The main difference is that simple GRE tunnels can carry multicast traffic and can participate in dynamic routing (e.g. EIGRP, RIP, OSPF), whereas IPSec tunnels cannot...

 

https://ipwithease.com/gre-vs-ipsec/

Thanks for the reply,

 

What I am getting at is using GRE over IPSec, as that supports multicast, correct? This in turn allows you to use the routing protocols that support multicast.

 

I'm just unsure why you would use GRE separately, as it's not encrypted.

 

Regards,

 

 

Yes, that's correct; i.e. you can do multicast across a GRE/IPSec tunnel. (Or a [IPSec] VTI tunnel too.)

Generally, you see pure GRE tunnels used "internally" or perhaps across a "private" (non-Internet) WAN. That said, unless you're worried about your service provider(s) snooping your traffic, it's not all that easy for a 3rd party to snoop your GRE traffic on the Internet unless they've got control over a provider's device your traffic transits. Even then it can be a bit difficult.

As to why do GRE w/o encryption, it's so you can usually obtain higher data transfer rates: first, because there's less overhead; second, devices often do not offer the same level of performance for encrypted traffic as they might for non-encrypted traffic.
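
As an added illustration (not part of the original thread), this Python sketch shows the trade-off discussed above from the point of view of a device the traffic transits: a bare GRE packet (IP protocol 47) adds little overhead but exposes the inner addresses and protocol, while ESP (IP protocol 50) exposes only its SPI and sequence number. The packets and addresses are constructed sample data, and `ipv4` and `inspect` are hypothetical helper names.

```python
import socket
import struct

PROTO_GRE, PROTO_ESP = 47, 50  # IANA IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def inspect(pkt):
    """Return what an on-path observer can read from one outer IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    out = {"outer": (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])),
           "kind": "other", "inner": None}
    if proto == PROTO_ESP:
        # Only the SPI and sequence number are cleartext; the rest is ciphertext.
        out["kind"] = "esp"
        out["spi"], out["seq"] = struct.unpack("!II", pkt[ihl:ihl + 8])
    elif proto == PROTO_GRE:
        flags, ptype = struct.unpack("!HH", pkt[ihl:ihl + 4])
        # Base GRE header is 4 bytes; the checksum (C), key (K) and
        # sequence (S) flags each add one optional 4-byte field.
        gre_len = 4 + 4 * sum(1 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
        inner = pkt[ihl + gre_len:]
        out["kind"] = "gre"
        out["overhead"] = ihl + gre_len  # bytes added in front of the inner packet
        if ptype == 0x0800 and len(inner) >= 20:  # inner packet is IPv4
            out["inner"] = (socket.inet_ntoa(inner[12:16]),
                            socket.inet_ntoa(inner[16:20]), inner[9])
    return out

# Constructed sample: an OSPF hello (IP protocol 89, multicast 224.0.0.5)
# between tunnel endpoints, carried once in bare GRE and once behind ESP.
INNER = ipv4("10.0.0.1", "224.0.0.5", 89, b"\x00" * 24)
GRE_PKT = ipv4("192.0.2.1", "198.51.100.1", PROTO_GRE,
               struct.pack("!HH", 0, 0x0800) + INNER)
ESP_PKT = ipv4("192.0.2.1", "198.51.100.1", PROTO_ESP,
               struct.pack("!II", 0x1001, 1) + bytes(48))  # stand-in ciphertext

if __name__ == "__main__":
    for name, pkt in (("GRE", GRE_PKT), ("ESP", ESP_PKT)):
        print(name, inspect(pkt))
```

Run over a capture taken at a WAN edge, the same classification gives a quick audit of which tunnels are leaving the site as protocol 47 rather than protocol 50.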
