One additional difference is that IPSec cannot to forward broadcast and multicast traffic. It can to forward only unicast.
That statement is only valid for older IOS-releases. In recent IOS (I think it started 12.3T, so it's quite a while) you don't need GRE any more to run Multicast like a routing-protocol through a crypto-map based IPSec-Tunnel. And VTIs never had any restrictions like that.
EDIT: I think I remembered wrong on one feature. Of course VTIs can run Multicast without GRE, but the feature I was referring to was to run a routing-protocol with a crypto-map-based config. But I think that worked by sending the Routing-protocol-traffic as unicast and not as multicast. Sadly I don't find any old config for that to make sure what it really was. Sorry for any confusion ...
Both take IP packet and insert it into another packet.
Gre tunnel is not authenticated (it is valnerable to man in the middle attacks).
IPSec tunnel is authenticated (you communicate only with something that approved its identity)
GRE does not use encryption, IPSec traffic is usualy encrypted.
So If you just want to tunnel traffic, GRE is ok.
If you want eigther authentication or encryption... take IPSec.
IPsec can secure even GRE traffic, so you may tunnel traffic using GRE ( in case you want to tunnel multicast, broadcast or even "not-IP traffic"), and then encrypt and authenticate this GRE packets using IPsec.
one thing... GRE is tunneling.
IPSec can tunnel traffic, or "just" secure content and not tunneling original IP header.
So IPSec tunnel mode is only one of two possible modes of using "IP security".
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...