Is IPsec over GRE needed?

Jun 22nd, 2008


I have some branches which connect to the HO via an ISP.

I configured a tunnel between the HO and each branch.

Data passes through the tunnel now.

Now, do I need a VPN between the HO and the branches? As data passes within the tunnel, it is protected, so why would I encrypt the data?

Is there any possibility of the data being hacked when it passes through the tunnel?



biplobkhan Sun, 06/22/2008 - 23:19


My query is not about encryption.

I want to know: if a tunnel is built between two sites, is there any chance of the data being hacked?

As data passes protected within the tunnel, why would I configure IPsec over GRE?

I think everyone understands my confusion about VPN over a tunnel.



a.alekseev Sun, 06/22/2008 - 23:30

Just because, within a tunnel without data encryption, your data is UNprotected.

biplobkhan Mon, 06/23/2008 - 01:38


Unprotected in what sense? When data passes through the tunnel, can a hacker pick up the data? If it is unprotected, then why do I build a tunnel?

Then what is the need for a tunnel?

a.alekseev Mon, 06/23/2008 - 02:05

Normal IP Security (IPsec) configurations cannot transfer routing protocols, such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), or non-IP traffic, such as Internetwork Packet Exchange (IPX) and AppleTalk, or multicast.

That is why in some cases you'd better do GRE with IPsec than pure IPsec.

dhananjoy chowdhury Mon, 06/23/2008 - 05:22

Hi Biplob,

Let me give it a try :)

The GRE (Generic Routing Encapsulation) protocol is only a simple IP packet encapsulation protocol. A GRE tunnel is generally created when you need a point-to-point virtual link between two remote devices. Suppose there is IP reachability between RouterA and RouterB, but you have control only of A and D, not of B and C.

RouterA<<-->>RouterB<<-->>RouterC <<-->>RouterD

Now when the GRE tunnel is set up, the packets are only encapsulated with GRE, not encrypted.

RouterA<<========GRE tunnel=======>>RouterD

So IPSEC is used to encrypt the traffic.

Hope this helps.
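An added example, not part of the original thread, showing what "encapsulated, not encrypted" means on the wire: it builds a basic GRE packet (RFC 2784) and parses it back the way any device on the ISP path could. The addresses, payload text and function names are constructed for illustration.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 passenger packet

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header plus payload (checksum left at 0 for the demo)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def gre_encapsulate(inner, tun_src, tun_dst):
    """Basic GRE: 4-byte header with no optional fields, then the inner packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return ipv4(tun_src, tun_dst, GRE_PROTO, gre + inner)

def observe(wire):
    """Recover the inner packet from a captured frame; no key is needed."""
    ihl = (wire[0] & 0x0F) * 4
    if wire[9] != GRE_PROTO:
        return None
    flags, ptype = struct.unpack("!HH", wire[ihl:ihl + 4])
    off = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):   # checksum, key, sequence: 4 bytes each
        if flags & bit:
            off += 4
    if ptype != ETHERTYPE_IPV4:
        return None
    inner = wire[off:]
    inner_ihl = (inner[0] & 0x0F) * 4
    return {"src": socket.inet_ntoa(inner[12:16]),
            "dst": socket.inet_ntoa(inner[16:20]),
            "proto": inner[9],
            "data": inner[inner_ihl:]}

# Constructed sample: a branch host sends to an HQ server through the tunnel.
SAMPLE = b"payroll batch 42: acct=000123 amount=1500"
INNER = ipv4("10.1.1.10", "10.0.0.5", 253, SAMPLE)   # 253 = experimental protocol
WIRE = gre_encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    # The private addresses and the application bytes come back unchanged.
    print(observe(WIRE))
```

With IPsec protecting the tunnel, the same capture would show only an ESP packet between the two tunnel endpoints, and the inner addresses and data would not be recoverable without the keys.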

biplobkhan Mon, 06/23/2008 - 22:34

Hi aleks,

Can you clarify this for me further?

1. According to your point, if my branches and HO are running EIGRP then I cannot do VPN (IPsec)?

Is this the reason GRE with IPsec is needed?

2. If static routes are used and I only establish a tunnel, is it risk-free?



a.alekseev Tue, 06/24/2008 - 23:08

Suppose your branches and HQ are not directly connected.

And you want to run some dynamic routing protocol between branch and HQ.

So you need a tunnel interface.

Whether to use IPsec or not depends on your security policy. If you want to be sure that your data cannot be eavesdropped on, then you need IPsec to encrypt your tunnel.

biplobkhan Wed, 06/25/2008 - 02:00

Hi all,

I think it's clear to me now. So the summary is:

A tunnel must be used:

1. when I need to run dynamic routing

2. when a branch is not directly connected.

IPsec over a tunnel:

1. when I need more security.

Thanks again to all who participated in clearing this up. I think many will get a good assumption of when to use a tunnel or IPsec over GRE.



