
GRE Tunnel.

Hi Guys,

Branch Office Router <----> ISP 1 Router <----> ISP2 Router <----> Main Office Router

What is the practical use of a GRE tunnel in the above scenario?

What are the pros and cons of a GRE tunnel over an IPSEC tunnel?

Krishna


GRE Tunnel.

Hi Krishna,

 

What is the practical use of a GRE tunnel in the above scenario?


A VPN tunnel is basically a tool to run private networks over public infrastructure, which is what will happen in your scenario. The simple answer in your case is that you hide your LAN subnets and the ISPs are not aware of them, and you can run your private IPs over public space. Also, you control your LAN routing.

 

What are the pros and cons of GRE tunnel over IPSEC tunnel

Pros:

You can run routing protocols over GRE tunnels. GRE tunnels support multicast traffic, etc. With IPsec you can't do this. However, there is an exception whereby you can create something called VTI interfaces and run IPsec and routing protocols over it. But natively, IPsec doesn't support routing protocols.

Cons:

GRE traffic is not encrypted, so a hacker can easily spoof your traffic and cause a potential security threat, whereas IPsec traffic is encrypted.

Generally speaking, when running GRE across the public space it's best to run GRE over IPsec, and you can gain the best of both worlds.

There is other stuff as well, but I gave you the most common info that you would need to know.

The link below also gives you a good FAQ about both protocols:

http://www.dslreports.com/faq/8228

HTH

Kishore
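
An added example, not part of the original thread: a Python parser showing what any device on the path between the ISP routers can read from a plain GRE packet, which is the reason the reply above recommends running GRE over IPsec. The addresses, GRE key value and payload are constructed sample data, and the function names are this example's own.

```python
import socket
import struct
GRE_PROTO = 47  # IP protocol number assigned to GRE

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) for an IPv4 packet."""
    ihl, total_len = (buf[0] & 0x0F) * 4, struct.unpack("!H", buf[2:4])[0]
    return socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]), buf[9], buf[ihl:total_len]

def parse_gre(buf):
    """Parse a GRE header (RFC 2784, optional key/sequence from RFC 2890)."""
    flags, ethertype = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:                  # low 3 bits are the version; only 0 handled
        raise ValueError("unsupported GRE version")
    key, offset = None, 4
    if flags & 0x8000:                  # C bit: checksum + reserved field
        offset += 4
    if flags & 0x2000:                  # K bit: 32-bit key, an identifier and not a secret
        key = struct.unpack("!I", buf[offset:offset + 4])[0]
        offset += 4
    if flags & 0x1000:                  # S bit: sequence number
        offset += 4
    return ethertype, key, buf[offset:]

def observe(wire_bytes):
    """Everything an on-path observer recovers without any key material."""
    o_src, o_dst, proto, gre = parse_ipv4(wire_bytes)
    if proto != GRE_PROTO:
        raise ValueError("not a GRE packet")
    ethertype, key, inner = parse_gre(gre)
    if ethertype != 0x0800:
        raise ValueError("inner packet is not IPv4")
    i_src, i_dst, _, data = parse_ipv4(inner)
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "gre_key": key, "payload": data}

def sample_packet():
    """Constructed branch-to-HQ packet: private inner addresses, public outer ones."""
    payload = b"payroll export: row 1"
    inner = ipv4_header("10.1.1.10", "10.2.2.20", 253, len(payload)) + payload
    gre = struct.pack("!HHI", 0x2000, 0x0800, 42) + inner   # K bit set, key 42
    return ipv4_header("198.51.100.1", "203.0.113.1", GRE_PROTO, len(gre)) + gre

if __name__ == "__main__":
    print(observe(sample_packet()))
```

The inner addresses and payload come back intact because GRE only prepends headers; with IPsec protecting the tunnel, the same observer would see the outer addresses and an ESP payload instead.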


GRE Tunnel.

Hi Krishna,

Is a GRE tunnel always a VPN tunnel even if we don't apply IPSEC to it?

Krishna


GRE Tunnel.

Hi,

Yes, a GRE tunnel can be considered a VPN, but a Frame-Relay link between 2 routers is also considered a VPN, and MPLS L3 VPNs don't use IPSec either.

GRE can also be used along with IPSec to provide the best of both worlds: transport non-IP traffic or routing protocols with GRE and use IPSec alongside to encrypt and authenticate:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml

Regards.

Alain.

Don't forget to rate helpful posts.

Re: GRE Tunnel.

Hi Guys,

Let me tell you guys what I understand about GRE tunnels. Please confirm if I'm correct or not.

A remote office, which doesn't have dedicated WAN connectivity to the Head Quarters. But they have an internet connection for branch office purposes.

We will use the same internet connection to carry our intranet traffic using a GRE tunnel.

Also using this GRE tunnel this branch office will communicate with other branch offices.

All the routing information will be passed through this GRE tunnel.

Krishna


Re: GRE Tunnel.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Yes, you could do that with a GRE tunnel, although it's possible to do local Internet per branch directly without passing such traffic through the GRE tunnel. For the latter, only internal business traffic would pass via the GRE tunnel.

"Normal" GRE tunnels are p2p, which means either traffic between branches needs a dedicated tunnel or will transit another site or sites, often a HQ hub. There's also multipoint GRE, which allows multiple sites to logically be on the same network. One variation of this will have all traffic physically transit a hub site, but there's also a variation that can build a dynamic GRE tunnel between branches and pass traffic directly between them.
