ellis_b Tue, 10/30/2007 - 08:09
User Badges:
  • Bronze, 100 points or more

you can use them over both. I use a GRE tunnel from my house to my office to pass my VoIP traffic, whereas I pass my other data traffic through an IPSEC AES tunnel. The GRE tunnel has MUCH LESS overhead/latency than the IPSEC tunnel.


-brad

www.ccbootcamp.com


rajatsetia Tue, 10/30/2007 - 08:46
User Badges:
  • Bronze, 100 points or more

Tunnel as the word suggest is kind of virtual path defined (defined a virtual tunnel) in a shared network.


Now Internet is a shared network and WAN can also be shared network e.g. for diferent offices. So usage depend on need and can be used anywhere be it wan or internet.


In order to use isolate the defined traffic over a shared network you various tunneling techniques.


we can use GRE or IPSEC or both to make tunnel between two gateways, as Brad said , GRE has much less overhead than IPSEC tunnel but GRE only do the encapsulation and it does not provide the data encryption.


One of very frequent use of GRE is where you have to use routing protocols over the tunnel. As IPSEC doesnt support multicast ( most of the protocol talk over multicast) so GRE tunnel is deployed in order to use routing protocol.


HTH


rate if it helps.

carl_townshend Tue, 10/30/2007 - 10:28
User Badges:

so do they act the same as a site to site vpn without the encryption ? are they easy to set up ?

rajatsetia Tue, 10/30/2007 - 15:10
User Badges:
  • Bronze, 100 points or more

yes, you can say that gre tunnel is vpn without encryption.


easy setup is kind of relative term and if you say if they are easy to setup then ipsec, then i would say yes.


HTH


rate if it does


rgds

carl_townshend Mon, 11/05/2007 - 03:27
User Badges:

i cannot see why you would use them over the internet as they have no encryption, does isps use them, can you give me an example of the setup ?

rajatsetia Thu, 11/08/2007 - 07:16
User Badges:
  • Bronze, 100 points or more

hi,


you are quite right, mostly GRE+IPSEC has been used to built VPN tunnel over internet basically where they need GRE advantages with encryption.


about service provider, in my point of view , i donnt think so anybody is using pure gre tunnel over the internet.


but yeah they can use gre tunnel within their network to isolate various type of traffic.


below are the various doc which will give enuf information


IPSEC+GRE Tunnel, here they have used different devices for IPSEC and GRE, but you can have both on single device.


http://www.cisco.com/warp/public/707/gre_ipsec_ospf.html


sorry, previously i have given wrong example of using gre in provider network, that has more to do with VRF in GRE tunnel ..


HTH


rate if does help


rgds

Actions

This Discussion