GRE is encapsulation and IPsec is encryption (IPsec can also do encapsulation, but it is avoided when using GRE) DMVPN facilitates the GRE tunnels in that it make it dynamic (you no longer need to define statically all the endpoint IP of the GRE devices) GETVPN is a relative new technology which does not use GRE VTI is another way to send multicast between routers.
The first implementation of IPSec within IOS (crypto-map based) doesn't support multicast traffic encapsulation so adding the GRE layer was the workaround so GRE encapsulate multicast and IPSec encrypt GRE packets which are unicast.
So yes this was the main purpose of having GRE on top of IPSec. The other advantage is you can encapsulate other protocol like IPX and transport it over an IP backbone.
With static routing, GRE layer is not mandatory but it will make your backup routing policy more complex (need to rely on IKE DPD and RRI) and globaly slower than having a dynamic routing protocol.
For Hub&Spoke topology, DVTI is a good alternative to mGRE. Configuration is similar to Dial-In based on virtual-template (each tunnel is associated to a virtual-access interface). Please refer to the following link for more information:
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...