IT Certification and Training Blog

What are the differences between an IPSec VPN and a GRE tunnel?

Jun 5, 2013 8:53:00 AM / by Kelson Lawrence

By Tim Charlton

vpn vs gre tunnelIP Security (IPSec) Virtual Private Networks (VPNs) and Generic Routing Encapsulation (GRE) tunnels are both methods for transferring data across public, intermediary networks, such as the Internet. However, there are considerable differences between the two technologies. Let’s start with a brief overview.

A VPN enables a company to securely share data and services between disparate locations at minimal cost. Users who do not have a permanent workstation in an organization can connect to a VPN to remotely access company data from a home computer, laptop, or other mobile device. By implementing a VPN solution, a company can benefit from all of the following:

  • Cost savings – There is no need to lease lines from a telecommunications service provider in order to construct a wide area network (WAN) if you implement a VPN over an existing Internet connection. Therefore, the cost of implementing a VPN is less than that of implementing a traditional leased-line WAN. However, a VPN solution does require Internet access for each individual site or mobile user that is to connect to the VPN.
  • Encrypted traffic – VPNs can use a variety of encryption methods within the IPSec protocol framework to secure traffic between an organization and its remote locations or users. Alternatively, some VPN installations encrypt data by using Secure Sockets Layer (SSL), which is the encryption standard used by many online retailers, bank Web sites, and other Internet-based businesses.
  • Easy network expansion – VPN access typically requires only an Internet connection, a VPN gateway appliance, and in some installations, a software application. Therefore, expanding a VPN to include new locations and remote users is typically less expensive and requires less configuration than connecting a new site to a leased-line WAN.

Like IPSec VPNs, GRE tunnels are used to create point-to-point connections between two networks. Some of the benefits and characteristics of GRE tunnels include the following:

  • Data encapsulation – GRE tunnels encapsulate packets that use protocols incompatible with an intermediary network (passenger protocols) within protocols that are compatible (transport protocols). This allows data to be sent across networks that otherwise could not be traversed. For example, you could implement a GRE tunnel to connect two AppleTalk networks through an IP-only network or to route IPv4 packets across a network that only uses IPv6.
  • Simplicity – GRE tunnels lack mechanisms related to flow-control and security by default. This lack of features can ease the configuration process. However, you probably don’t want to transfer data in an unencrypted form across a public network; therefore, GRE tunnels can be supplemented by the IPSec suite of protocols for security purposes. In addition, GRE tunnels can forward data from discontiguous networks through a single tunnel, which is something VPNs cannot do.
  • Multicast traffic forwarding – GRE tunnels can be used to forward multicast traffic, whereas a VPN cannot. Because of this, multicast traffic such as advertisements sent by routing protocols can be easily transferred between remote sites when using a GRE tunnel.

In summary, both VPNs and GRE tunnels can be used to transfer data between remote locations. However, their similarities end there. If you are looking to provide a secure method of connecting remote users to resources stored within a central location, you should probably implement a VPN. However, if you need to pass traffic over an otherwise incompatible network, a GRE tunnel should be implemented.


Interested in Cisco Certification? Try our NetSim and Practice Exam demos!

Try Our Demos


Tunnel photo by Frédéric BISSON

Topics: VPN vs GRE, differences between VPN and GRE

Kelson Lawrence

Written by Kelson Lawrence

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

see all

Recent Posts