Solved: Compare GRE over IPSEC & IPSEC VPN

petpkcui1 · ‎07-16-2017

Hi all ,

I'm reseaching about GRE and IPSEC . But i'm wondering that what is the different between GRE over IPSEC & ISEC VPN???

I'm really confused about them.

Can someone explain for me???

Thank for help :D

David Anderson · ‎07-17-2017

I have full articles of the configuration for both at loopedback.com as I was studying for route, essentially mGRE is much less to configure, but there are some very important details plus you need the "ipsec security profile" included in the configuration.

Generally I only see site to site, and client VPN, though Meraki is making its Cloud VPN a cheap and viable way to sort of do a DMVPN like setup with easy configuration so I don't see a whole lot of that configured on routers anymore.

IPSec is a bit heftier than GRE over IPsec for some reason to configure, but here are the exact differences:

Deep Dive into IPSec configuration

Deep Dive into GRE over IPSec

View solution in original post

Joseph W. Doherty · ‎07-17-2017

GRE and IPSec, is a GRE tunnel using IPSec for encryption.

IPSec VPN is IPSec without the GRE protocol.

Generally the latter saves at least 28 bytes of overhead. The latter, however, might also have some protocol transport limitations that GRE supports.

petpkcui1 · ‎07-17-2017

Tks Joseph,

Can u explain more the differrent between them? Which is most used, the typical of each protocol, etc.. :D

David Anderson · ‎07-17-2017

I have full articles of the configuration for both at loopedback.com as I was studying for route, essentially mGRE is much less to configure, but there are some very important details plus you need the "ipsec security profile" included in the configuration.

Generally I only see site to site, and client VPN, though Meraki is making its Cloud VPN a cheap and viable way to sort of do a DMVPN like setup with easy configuration so I don't see a whole lot of that configured on routers anymore.

IPSec is a bit heftier than GRE over IPsec for some reason to configure, but here are the exact differences:

Deep Dive into IPSec configuration

Deep Dive into GRE over IPSec

Joseph W. Doherty · ‎07-17-2017

I don't know which is used more often.

At my current employer, we only use GRE/IPSec if newer VTI IPSec tunnels are not supported.

GRE/IPSec was supported longer, so those used to doing it that way (i.e. for those that go by - if it ain't broke, don't fix it), such tunnels might have not been updated as IOS features were upgraded to allow building tunnels w/o GRE.

I find the newer VTI tunnels much easier to configure than GRE/IPSec tunnels that require map classes (or the even older versions that also required configuration on the tunnel and physical interfaces.)

Again, GRE/IPSec lets you, I also believe, do anything across the VPN you might do with GRE, which is pretty flexible. For example, you might run any routing protocol across the tunnel.

"Pure" IPSec was more oriented to host-to-host encryption, but something like VTI tunnels uses IPSec in such away it functions as much as a GRE/IPSec tunnel.

petpkcui1 · ‎07-17-2017

Tks for help :p Bro :D

David Anderson · ‎07-18-2017

You are sure welcome if you were talking to me, there are 5 stars back at ya :)

petpkcui1 · ‎07-18-2017

My E not good, but hope u can understand what i wrote :D

petpkcui1 · ‎07-17-2017

Tks David:D