01-22-2008 07:11 AM - edited 03-03-2019 08:22 PM
Okay, so I am a bit confused on the difference, if any, between the two. GRE's can be encrypted using IPSec and apparently a VPN doesn't necessarily have to be encrypted. So my questions are:
Does a GRE tunnel qualify as a VPN?
How/what is a VPN that isn't encrypted?
Thanks for the help!
Solved! Go to Solution.
01-22-2008 08:22 AM
Donald
I believe that you and some others are looking for some precision of definition in terms that are generally treated loosely and not well defined. I would like to build off the points that Dandy makes: a Virtual Private Network is a network that makes a machine (or a subnet, or a network) that is not physically connected a "virtual" member of some network. In that sense there is no requirement for encryption, and I believe that this is the meaning taken in the wikipedia article. And in that sense then GRE probably does qualify as one kind of VPN.
Another aspect is to observe that a VPN is generally regarded as being a tunnel and that GRE is a tunneling technology. So that would suggest to some people that VPN and GRE are terms that mean the same thing.
But for many people a somewhat more strict meaning is understood when we discuss VPN. To them encryption is a essential ingredient of VPN. And in that sense GRE does not qualify as a VPN since GRE does not provide encryption.
I believe that it gets especially confusing since GRE is so frequently combined with IPSec. And in that sense GRE is very closely related to VPN and could be considered one form of VPN.
While I am known to be one who favors using terms as precisely as possible, I recognize that there is much imprecision in the common usage of the term VPN. I believe that you will need to be clear about the context and the way in which you use the term because there is not any widely accepted precise definition of what constitutes a VPN.
HTH
Rick
01-22-2008 07:17 AM
No, GRE is not VPN. It provides no encryption at all. It only encapsulates packets. The most common use of GRE is to allow for multicast to go across an IPsec tunnel. This allows you to run things such as routing protocols over an IPsec VPN tunnel.
01-22-2008 07:20 AM
No, GRE tunnel does not qualify as a VPN since it doesn't provide any encryption. GRE tunnel provides the ability to carry non-IP traffic such as routing protocols.
I don't understand the 2nd question. A VPN needs to be encrypted or it's not a VPN.
HTH,
__
Edison.
01-22-2008 07:37 AM
So a VPN has to be encrypted?
That would help clear things up for me, but on wikipedia it states:
"VPN need not have explicit security features, such as authentication or content encryption".
01-22-2008 07:43 AM
I think wikipedia is referring along the lines of trusted VPNs such as MPLS. I wouldn't call GRE a trusted VPN.
Please see this URL for more info:
http://www.vpnc.org/vpn-standards.html
HTH,
__
Edison.
01-22-2008 07:46 AM
Hi,
VPN stand for Virtual Private Network. It is a private network that uses public network (internet) to connect remote sites or users together.
Security is one of the component of well designed VPN. Encryption is used to secure data communication accross VPN. The popular encryption method is IPSec (DES | 3DES)
The word "Private" in VPN is argumentative. For some, any tunneling that connects remote sites or users together across a public network (internet) is called VPN - as what the definition says. However, others will use the word "Private" as secure :) - it will not be "Private" if unauthorized people can see the data flowing accross the tunnel :)
Regards,
Dandy
01-22-2008 08:22 AM
Donald
I believe that you and some others are looking for some precision of definition in terms that are generally treated loosely and not well defined. I would like to build off the points that Dandy makes: a Virtual Private Network is a network that makes a machine (or a subnet, or a network) that is not physically connected a "virtual" member of some network. In that sense there is no requirement for encryption, and I believe that this is the meaning taken in the wikipedia article. And in that sense then GRE probably does qualify as one kind of VPN.
Another aspect is to observe that a VPN is generally regarded as being a tunnel and that GRE is a tunneling technology. So that would suggest to some people that VPN and GRE are terms that mean the same thing.
But for many people a somewhat more strict meaning is understood when we discuss VPN. To them encryption is a essential ingredient of VPN. And in that sense GRE does not qualify as a VPN since GRE does not provide encryption.
I believe that it gets especially confusing since GRE is so frequently combined with IPSec. And in that sense GRE is very closely related to VPN and could be considered one form of VPN.
While I am known to be one who favors using terms as precisely as possible, I recognize that there is much imprecision in the common usage of the term VPN. I believe that you will need to be clear about the context and the way in which you use the term because there is not any widely accepted precise definition of what constitutes a VPN.
HTH
Rick
01-22-2008 12:59 PM
Donald
You asked a very interesting and subtle question. I am glad that my answer was helpful. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that they will read answers that resolved the question (especially when it is a really interesting question).
The forum is an excellent place to learn more about Cisco networking. I encourage you to continue your participation in the forum and to keep asking good questions.
HTH
Rick
01-22-2008 08:42 AM
So the answer relies on the encryption?
Would a GRE tunnel over IPSec be considered/qualified as a VPN?
Or is it the IPSec is the VPN component and is carrying the GRE tunnel?
01-22-2008 08:53 AM
The latter is correct.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: