05-25-2023 05:25 PM
05-25-2023 05:39 PM - edited 05-25-2023 05:40 PM
GRE is sent in the clear and IPSec is encrypted.
GRE can also encapsulate many protocols (hence the name Generic).
05-25-2023 09:50 PM - edited 05-25-2023 09:51 PM
To go further GRE/IPSEC serve different purposes and have distinct characteristics.
GRE is primarily used for encapsulating and transporting arbitrary network layer protocols over an IP network. It creates a virtual point-to-point tunnel between two endpoints, allowing the encapsulation of various protocols for secure transmission.
IPsec, on the other hand, is a security protocol suite used for securing IP communications. It provides data confidentiality, integrity, and authentication for IP packets. IPsec can be used to create secure tunnels for VPN connections.
In terms of encapsulation:
GRE encapsulates the entire IP packet, including the original IP header, within a new IP packet. This allows the transmission of non-IP protocols over an IP network.
IPsec adds a new IP header and encapsulates the original IP packet within an IPsec packet. The IPsec packet provides security services such as encryption, authentication, and integrity protection.
In terms of security:
GRE itself does not provide any inherent security mechanisms. It only provides encapsulation and transport capabilities.
IPsec is specifically designed for security and provides mechanisms for encryption, authentication, and integrity protection of IP packets.
Finaly, GRE is more flexible in terms of encapsulating various protocols, including non-IP protocols. IPsec is specifically designed for securing IP traffic and provides standardized security mechanisms.
In practice, GRE and IPsec are often used together. GRE tunnels can be encrypted and secured using IPsec to create secure VPN connections over untrusted networks.
05-26-2023 12:19 AM
many points different but the main differ is
if you use public network (internet) use IPsec since it secure (I am talking about differ between GRE and IPsec not between GRE/IPsec and IPsec)
if you use private use GRE
if you need to run IGP over tunnel use GRE, IPsec not support multicast (IPsec is P2P)
firewall not support GRE you need to use IPsec and if you face issue with multicast go to use SVTI
05-26-2023 05:03 AM - edited 05-26-2023 02:49 PM
So, many I wonder why you ask. Have you "researched" either? If not, you might start with the Wiki entries (https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation https://en.wikipedia.org/wiki/IPsec) for both.
If you find some particular detail, for either, unclear, post further questions.
05-26-2023 10:05 PM
IPsec/GRE - Doesnt support multicast or dynamic routing over tunnel as traffic is encrypted on physcal interface of the GRE tunnel
GRE/IPsec - Does Support multcast and dynamic routing over trunk, Ipsec runs on the Tunnel so entrie tunnel is encrypted
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: