We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 651 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

445 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , , , ,

Forum Replies

  1. Hi Mithun,

    These are not the same. Take a look at this picture from my IPsec lesson:


    When we use IPsec tunnel mode, we encapsulate the original IP packet and put an AH or ESP header and new IP header in front of it. IPsec only supports unicast packets.

    GRE also encapsulates IP packets and it supports multicast traffic. It adds a GRE header in front of the original IP packet and then a new IP header. You can see this in this capture file:

    GRE Encapsulated ICMP Captur

    ... Continue reading in our forum

  2. Hello Mohammad.

    What exactly is meant by each of the two phrases depends on the context. Encrypted GRE Tunnel with IPSec refers to the encryption of the information sent over a GRE tunnel using the functionalities of IPSec. GRE over IPSec is not that specific and it depends on what the person speaking really means.

    IPSec used in combination with GRE can function in two ways, either in tunnel mode, or transport mode.

    Tunnel mode, which is the default, which is also what Rene has configured in the lesson, the whole GRE packet is encapsulated and encrypted withi

    ... Continue reading in our forum

  3. Hi Hussein,

    The only thing you have to change is the transform set:

    R1(config)#crypto ipsec transform-set MY_TRANSFORM_SET ?
      ah-md5-hmac      AH-HMAC-MD5 transform
      ah-sha-hmac      AH-HMAC-SHA transform
      ah-sha256-hmac   AH-HMAC-SHA256 transform
      ah-sha384-hmac   AH-HMAC-SHA384 transform
      ah-sha512-hmac   AH-HMAC-SHA512 transform
      comp-lzs         IP Compression using the LZS compression algorithm
      esp-3des         ESP transform using 3DES(EDE) cipher (168 bits)
      esp-aes          ESP transform using AES cipher
      esp-des          ESP transform using DE
    ... Continue reading in our forum

  4. Hello Brian

    When you use the ip route command, what you are telling the router is “in order to get to this network, use this next hop IP.” Now the contents of the command is a network address and a subnet mask. So, if you enter the command

    ip route

    then what you are saying is that if you get a packet with a destination IP address in the range to, send it to

    If you change the subnet mask, what you’re doing is essentially modifying the range within which the destination address mu

    ... Continue reading in our forum

  5. Hello Vadim

    About your first question, it’s important to understand what each entity is and does. GRE is a tunneling protocol. It encapsulates packets and allows them to run over another network. So you can run your internal private IP addresses between two sites that connect to each other over the Internet. A GRE tunnel is not encrypted or secured in any way.

    IPSec is a secure network protocol suite that authenticates and encrypts packets. It is a method of encryption and authentication and does not include any tunneling mechanisms. It cannot and will no

    ... Continue reading in our forum

51 more replies! Ask a question or join the discussion by visiting our Community Forum